Compare commits
153 Commits
Author | SHA1 | Date |
---|---|---|
Ciapa | dad468fec4 | |
Ciapa | 1573b9d4f1 | |
Ciapa | 29eb675b80 | |
Ciapa | 85e8b63f08 | |
Ciapa | 862c5e9cc1 | |
Ciapa | e15a8bb3eb | |
Ciapa | 18198b5d00 | |
Ciapa | b17770b56b | |
Ciapa | 45fbd6e8a8 | |
Ciapa | 8a9350b114 | |
Ciapa | 6d826ee4d2 | |
Ciapa | 6f92c589c3 | |
Ciapa | 2e8996767e | |
Ciapa | 9c5984ba4f | |
Ciapa | 24ea080b34 | |
Ciapa | def048b9a8 | |
Ciapa | 1acf5e2d70 | |
Ciapa | f941d15909 | |
Ciapa | e008ca453a | |
Ciapa | 73b0e2043e | |
Ciapa | 7a737ca637 | |
Ciapa | 8091266421 | |
Ciapa | 4bbde94059 | |
ciapa | 5b45790d01 | |
ciapa | 64ca121790 | |
ciapa | 2716a5597e | |
ciapa | 214b5a62c4 | |
ciapa | c804362bb0 | |
ciapa | 624aebdc32 | |
ciapa | 08c26262d6 | |
Ciapa | 8518832b7d | |
Ciapa | 094030f4d5 | |
Ciapa | a75118a5f6 | |
Ciapa | d77f0556bb | |
Ciapa | 855a3556a8 | |
Ciapa | f84e17d062 | |
Ciapa | 6215a962e4 | |
Ciapa | e7838b8992 | |
Ciapa | 809eb05edf | |
Ciapa | e48cd67df2 | |
Ciapa | c93000421f | |
Ciapa | 5cbb5d2f33 | |
Ciapa | 55f8c82eef | |
Ciapa | 00aafb2ad9 | |
Ciapa | cb2ac4c8da | |
Ciapa | ea047147b9 | |
Ciapa | 7a704851c0 | |
Ciapa | 8543999a8a | |
Ciapa | f85dc16246 | |
Ciapa | 597c2f9ff3 | |
Ciapa | b5f1441bb2 | |
Ciapa | 6e7dd508d0 | |
Ciapa | b8a7d1bf0d | |
Ciapa | 2d14658dcd | |
Ciapa | 1ee82e6ce1 | |
ciapa | 8a0930c356 | |
ciapa | c51d6b1894 | |
github-actions[bot] | 495a284b5e | |
Ciapa | 7f5f10a2a6 | |
Ciapa | 2c69781801 | |
Ciapa | 6b94be36bb | |
Ciapa | 1ef353f93f | |
Ciapa | 8558ff9ab3 | |
Ciapa | 603dacbba0 | |
Ciapa | ad8900a673 | |
Ciapa | 0dbd7fd26e | |
Ciapa | 3baa8be38f | |
Ciapa | 1ff9cc4c96 | |
Ciapa | 458cc231c4 | |
Ciapa | 41bf8d4753 | |
Ciapa | 94759f48f7 | |
Ciapa | d662af337f | |
Ciapa | bb905ea921 | |
ciapa | dae138ccbf | |
ciapa | d15b3291cf | |
Ciapa | 9520b7702b | |
Ciapa | 2ceca89165 | |
Hayajiro | 6f46f469b2 | |
ciapa | 20b8884d3e | |
Hayajiro | 7a91f2c091 | |
ciapa | 74f5215123 | |
ciapa | 41e58cf8d1 | |
ciapa | e99a35109e | |
ciapa | 539c37b90f | |
Hayajiro | e5d96268c5 | |
Hayajiro | e618d6515a | |
Hayajiro | 1fd83754b3 | |
Hayajiro | da293b531f | |
Hayajiro | edef993195 | |
Hayajiro | 5821106de9 | |
Hayajiro | 14123c49a2 | |
Hayajiro | f54c1c2a07 | |
Ciapa | 0161ac2d68 | |
Ciapa | caa2ffeb7b | |
NixOS Flake Update | ad246b69ca | |
Ciapa | 44b877453f | |
NixOS Flake Update | 069145e168 | |
Ciapa | 1b55aad22a | |
Ciapa | 03c86eeadc | |
NixOS Flake Update | 71bfb3fa02 | |
Ciapa | a5058cc1bb | |
NixOS Flake Update | 663bde1c4d | |
Ciapa | b2a5708c73 | |
Ciapa | fe2680a7ac | |
NixOS Flake Update | bb1358be03 | |
Ciapa | 030ab41bdf | |
Ciapa | 548d592e60 | |
Ciapa | 3f9160afa2 | |
NixOS Flake Update | 66e197db2f | |
Ciapa | 50d995be03 | |
NixOS Flake Update | a61639e698 | |
Ciapa | 6b5dd8ff03 | |
NixOS Flake Update | 8b919e17f8 | |
Ciapa | c5eb5807aa | |
Ciapa | 4bf9404968 | |
Ciapa | 2500171c72 | |
NixOS Flake Update | 08efc4bca5 | |
Ciapa | 150373b165 | |
Ciapa | 741529d9ea | |
Ciapa | 84a642e381 | |
Ciapa | 875f90c168 | |
NixOS Flake Update | e2b58d3853 | |
Ciapa | 98f7d5470c | |
Ciapa | f85887cae1 | |
Ciapa | 9bb273aed2 | |
Ciapa | 31c208ca9b | |
Ciapa | 7a3a236c29 | |
Ciapa | 5ded70ca0f | |
NixOS Flake Update | 4b7417f24b | |
Ciapa | ba86b6f587 | |
Ciapa | 68bc99fd15 | |
Ciapa | 14a26c968a | |
Ciapa | 352098d416 | |
NixOS Flake Update | b3528e5609 | |
Ciapa | 9b1cf76290 | |
NixOS Flake Update | d29909c62b | |
Ciapa | c6c2ed6986 | |
Ciapa | 41d754202d | |
Ciapa | d369b374cb | |
Ciapa | 8beef4ea04 | |
Ciapa | 5b76fa26ba | |
Ciapa | 1f9edc6e8f | |
Ciapa | aeb4b989b2 | |
Ciapa | 742569bf2e | |
Ciapa | 4fbf0c5880 | |
Ciapa | 08449b5de4 | |
Ciapa | 97203c3580 | |
Ciapa | cf19484d37 | |
NixOS Flake Update | 86da9cd453 | |
Ciapa | bcabfc6d28 | |
Ciapa | cab1c8e305 | |
Ciapa | 98d29bd4ba | |
Ciapa | cb5a31e12f |
|
@ -1,4 +1,4 @@
|
||||||
image: nixos/nix
|
image: nixos/nix:2.17.1
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
NIXOS_VERSION: "unstable"
|
NIXOS_VERSION: "unstable"
|
||||||
|
@ -8,6 +8,7 @@ variables:
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- deploy
|
- deploy
|
||||||
|
- scheduled
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- mv .gitlab/passwd /etc/passwd
|
- mv .gitlab/passwd /etc/passwd
|
||||||
|
@ -23,6 +24,8 @@ test:
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_PIPELINE_SOURCE == "schedule"
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
||||||
when: never
|
when: never
|
||||||
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
|
when: never
|
||||||
- when: always
|
- when: always
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
|
@ -42,25 +45,30 @@ deploy:
|
||||||
|
|
||||||
|
|
||||||
check updates:
|
check updates:
|
||||||
stage: test
|
stage: scheduled
|
||||||
script:
|
script:
|
||||||
# Prepare git access
|
# Prepare git access
|
||||||
- nix-env -iA nixos.openssh
|
- nix-env -iA nixos.openssh
|
||||||
- eval "$(ssh-agent -s)"
|
- eval "$(ssh-agent -s)"
|
||||||
- chmod 0600 $SSH_UPDATE_KEY
|
- chmod 0600 $SSH_UPDATE_KEY
|
||||||
- ssh-add $SSH_UPDATE_KEY
|
- ssh-add $SSH_UPDATE_KEY
|
||||||
- mkdir -p ~/.ssh && touch ~/.ssh/known_hosts
|
|
||||||
- ssh-keyscan git.lewd.wtf >> ~/.ssh/known_hosts
|
|
||||||
- git config --global user.name "NixOS Flake Update"
|
- git config --global user.name "NixOS Flake Update"
|
||||||
- git config --global user.email "git@lewd.wtf"
|
- git config --global user.email "git@lewd.wtf"
|
||||||
- git remote rm origin && git remote add origin "git@git.lewd.wtf:${CI_PROJECT_PATH}.git"
|
- git remote rm origin && git remote add origin "git@git.lewd.wtf:${CI_PROJECT_PATH}.git"
|
||||||
# Update flakes
|
# Update flakes
|
||||||
- nix flake update
|
- nix flake update
|
||||||
# Push changes
|
# Push changes
|
||||||
|
- git branch -D flakes_update || true
|
||||||
- git checkout -b flakes_update
|
- git checkout -b flakes_update
|
||||||
- git add flake.lock
|
- git add flake.lock
|
||||||
- git commit -m 'Update NixOS Flakes'
|
- git commit -m 'Update NixOS Flakes'
|
||||||
- git push --set-upstream origin flakes_update -o merge_request.create
|
- GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git push -f --set-upstream origin flakes_update -o merge_request.create
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_PIPELINE_SOURCE == "schedule"
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
||||||
|
|
||||||
|
clean nix store:
|
||||||
|
stage: scheduled
|
||||||
|
script:
|
||||||
|
- nix-collect-garbage --delete-older-than 14d
|
||||||
|
rules:
|
||||||
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
||||||
|
|
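Review bot: The new `git push` line in `check updates` sets `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the job presents `$SSH_UPDATE_KEY` and force-pushes to whichever server answers for git.lewd.wtf without checking its host key. The removed `ssh-keyscan` step re-learned the key on every run, so it did not pin the server either. Pinning would mean keeping the server's public host key in a CI variable and writing it out before the push, for example `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder), and dropping the `GIT_SSH_COMMAND` override.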
14
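--- a/.sops.yaml
+++ b/.sops.yaml
@@ -6,6 +6,8 @@ keys:
 # Hosts
 - &host_kinda_sus_lol age187hkscvxar33wta3zvgypj6kkc02g6sewwmfwmup26z2fuhwpamsa2d8yh
 - &host_nyx_lewd_wtf age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
+- &host_phoenix_lewd_wtf age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
+- &host_sphinx_lewd_wtf age1myz28jqex5kpcsjqg2a0la8cyuutzj4cxf53vs3v8ey6fqzvk3ws8z8k3h
 creation_rules:
 # kinda.sus.lol
 - path_regex: hosts/kinda.sus.lol/secrets/.*
@@ -19,3 +21,15 @@ creation_rules:
 - age:
 - *admin_ecchi
 - *host_nyx_lewd_wtf
+# phoenix.lewd.wtf
+- path_regex: hosts/phoenix.lewd.wtf/secrets/.*
+key_groups:
+- age:
+- *admin_ecchi
+- *host_phoenix_lewd_wtf
+# sphinx.lewd.wtf
+- path_regex: hosts/sphinx.lewd.wtf/secrets/.*
+key_groups:
+- age:
+- *admin_ecchi
+- *host_sphinx_lewd_wtf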
|
@ -0,0 +1,33 @@
|
||||||
|
labels:
|
||||||
|
hostname: "nixos-x86-64"
|
||||||
|
|
||||||
|
variables: &nix-config
|
||||||
|
NIXOS_VERSION: "unstable"
|
||||||
|
NIXPKGS_ALLOW_UNFREE: "1"
|
||||||
|
NIXPKGS_ALLOW_INSECURE: "1"
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Check Flake
|
||||||
|
image: nixlocal
|
||||||
|
entrypoint: ["/bin/sh", "-c"]
|
||||||
|
commands:
|
||||||
|
- nix-channel --add https://nixos.org/channels/nixos-$${NIXOS_VERSION} nixos
|
||||||
|
- nix-channel --update
|
||||||
|
- nix flake check
|
||||||
|
environment:
|
||||||
|
*nix-config
|
||||||
|
when:
|
||||||
|
- evaluate: 'CI_PIPELINE_EVENT != "cron" && CI_PIPELINE_EVENT != "schedule"'
|
||||||
|
|
||||||
|
- name: Deploy
|
||||||
|
image: nixlocal
|
||||||
|
commands:
|
||||||
|
- nix-env -iA nixos.openssh
|
||||||
|
- eval "$(ssh-agent -s)"
|
||||||
|
- echo $${SSH_PRIVATE_KEY}} | ssh-add -
|
||||||
|
- nix develop --command deploy
|
||||||
|
environment:
|
||||||
|
*nix-config
|
||||||
|
when:
|
||||||
|
- evaluate: 'CI_PIPELINE_EVENT != "cron" && CI_COMMIT_BRANCH == "master"'
|
||||||
|
|
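Review bot: In the Deploy step, `echo $${SSH_PRIVATE_KEY}} | ssh-add -` has a stray closing brace, so (assuming `$$` is the CI's escape for a literal `$`) the shell sees `${SSH_PRIVATE_KEY}}` and appends a literal `}` to the key. The unquoted `echo` also collapses the newlines of a multi-line private key, and either problem makes `ssh-add` reject the input. I would write `- printf '%s\n' "$${SSH_PRIVATE_KEY}" | ssh-add -`. The step's `environment` only merges `*nix-config`, so where `SSH_PRIVATE_KEY` comes from is not visible here; it should reach this step as a pipeline secret and no other step. Separately, `NIXPKGS_ALLOW_INSECURE: "1"` sits in the shared anchor and therefore also applies to Deploy, which lets packages marked insecure evaluate without a per-package opt-in.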
|
@ -8,7 +8,7 @@
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
KillMode = "none";
|
KillMode = "none";
|
||||||
User = "root";
|
User = "root";
|
||||||
ExecStart = "${pkgs.rclone}/bin/rclone mount master:/mnt/data /var/www/mirror --allow-other --dir-cache-time=5m --log-level INFO --umask 002 --cache-dir /mnt/cache --vfs-cache-mode full --vfs-cache-max-age 72h0m0s --vfs-cache-max-size 5Gi";
|
ExecStart = "${pkgs.rclone}/bin/rclone mount master:/mnt/data /var/www/mirror --allow-other --dir-cache-time=5m --log-level INFO --umask 002 --cache-dir /mnt/cache --vfs-cache-mode full --vfs-cache-max-age 168h0m0s --vfs-cache-max-size 80Gi --vfs-fast-fingerprint";
|
||||||
ExecStop = "/run/wrappers/bin/fusermount -uz /var/www/mirror";
|
ExecStop = "/run/wrappers/bin/fusermount -uz /var/www/mirror";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
Environment = [ "PATH=/run/wrappers/bin/:$PATH" ];
|
Environment = [ "PATH=/run/wrappers/bin/:$PATH" ];
|
||||||
|
|
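Review bot: `--vfs-fast-fingerprint` on the new `ExecStart` makes rclone leave out the attributes that are slow to fetch on the remote when it decides whether a cached file is still current, and the same line raises `--vfs-cache-max-age` to 168h and the cache size to 80Gi. A file replaced upstream whose cheap attributes did not change may therefore keep being served from `/var/www/mirror` out of the cache for up to a week. A comment above the line naming the backend behind `master:` and why that is acceptable would let a reader judge it, e.g. `# fast fingerprint: <attribute> skipped on <backend>; mirror files are not rewritten in place`. The attribute set this line belongs to starts and ends outside the hunk.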
|
@ -0,0 +1,23 @@
|
||||||
|
{ lib, fetchFromGitHub, buildGoModule }:
|
||||||
|
|
||||||
|
buildGoModule rec {
|
||||||
|
pname = "transfer.sh";
|
||||||
|
version = "1.6.1";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "dutchcoders";
|
||||||
|
repo = "transfer.sh";
|
||||||
|
rev = "v${version}";
|
||||||
|
hash = "sha256-V8E6RwzxKB6KeGPer5074e7y6XHn3ZD24PQMwTxw5lQ=";
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorHash = "sha256-C8ZfUIGT9HiQQiJ2hk18uwGaQzNCIKp/Jiz6ePZkgDQ=";
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "Easy and fast file sharing and pastebin server with access from the command-line";
|
||||||
|
homepage = "https://github.com/dutchcoders/transfer.sh";
|
||||||
|
changelog = "https://github.com/dutchcoders/transfer.sh/releases";
|
||||||
|
license = licenses.mit;
|
||||||
|
maintainers = with maintainers; [ ecchibitionist ];
|
||||||
|
};
|
||||||
|
}
|
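Review bot: `meta` has no `mainProgram`, while the service module on this page starts the daemon with `lib.getExe package`; without it `getExe` falls back to guessing the binary name from the package name, and the service fails at start if the two ever differ. Adding `mainProgram = "transfer.sh";` to `meta` makes the name explicit, assuming the Go build installs the binary under that name. `maintainers = with maintainers; [ ecchibitionist ]` only evaluates if that handle exists in the `lib.maintainers` this repository uses, which cannot be confirmed from the page.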
|
@ -0,0 +1,423 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.transfer-sh;
|
||||||
|
package = pkgs.callPackage ../transfer-sh { };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.transfer-sh = {
|
||||||
|
enable = mkEnableOption "transfer-sh setup";
|
||||||
|
|
||||||
|
# package = mkPackageOption pkgs "transfer-sh" { };
|
||||||
|
|
||||||
|
environmentFile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = lib.mdDoc "Environment file as defined in {manpage}`systemd.exec(5)`.";
|
||||||
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
description = "user to run as";
|
||||||
|
default = "transfersh";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
description = "group to run as";
|
||||||
|
default = "transfersh";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
provider = mkOption {
|
||||||
|
description = "which storage provider to use (s3, storj, gdrive or local)";
|
||||||
|
default = "local";
|
||||||
|
type = types.enum [ "s3" "storj" "gdrive" "local" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
description = "address to listen on";
|
||||||
|
default = "127.0.0.1";
|
||||||
|
type = types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
openFirewall = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Open the firewall port";
|
||||||
|
};
|
||||||
|
|
||||||
|
LISTENER = mkOption {
|
||||||
|
description = "port to use for http";
|
||||||
|
default = 6080;
|
||||||
|
type = types.port;
|
||||||
|
};
|
||||||
|
|
||||||
|
PROFILE_LISTENER = mkOption {
|
||||||
|
description = "port to use for profiler";
|
||||||
|
default = 6060;
|
||||||
|
type = types.nullOr types.port;
|
||||||
|
};
|
||||||
|
|
||||||
|
FORCE_HTTPS = mkOption {
|
||||||
|
description = "redirect to https";
|
||||||
|
default = false;
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
TLS_LISTENER = mkOption {
|
||||||
|
description = "port to use for https";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.port;
|
||||||
|
};
|
||||||
|
|
||||||
|
TLS_LISTENER_ONLY = mkOption {
|
||||||
|
description = "flag to enable tls listener only";
|
||||||
|
default = false;
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
TLS_CERT_FILE = mkOption {
|
||||||
|
description = "path to tls certificate";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
TLS_PRIVATE_KEY = mkOption {
|
||||||
|
description = "path to tls private key";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_AUTH_USER = mkOption {
|
||||||
|
description = "user for basic http auth on upload";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_AUTH_PASS = mkOption {
|
||||||
|
description = "pass for basic http auth on upload";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_AUTH_HTPASSWD = mkOption {
|
||||||
|
description = "htpasswd file path for basic http auth on upload";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
HTTP_AUTH_IP_WHITELIST = mkOption {
|
||||||
|
description = "comma separated list of ips allowed to upload without being challenged an http auth";
|
||||||
|
default = [ ];
|
||||||
|
type = with types; listOf str;
|
||||||
|
};
|
||||||
|
|
||||||
|
IP_WHITELIST = mkOption {
|
||||||
|
description = "comma separated list of ips allowed to connect to the service";
|
||||||
|
default = [ ];
|
||||||
|
type = with types; listOf str;
|
||||||
|
};
|
||||||
|
|
||||||
|
IP_BLACKLIST = mkOption {
|
||||||
|
description = "comma separated list of ips not allowed to connect to the service";
|
||||||
|
default = [ ];
|
||||||
|
type = with types; listOf str;
|
||||||
|
};
|
||||||
|
|
||||||
|
TEMP_PATH = mkOption {
|
||||||
|
description = "path to temp folder";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
WEB_PATH = mkOption {
|
||||||
|
description = "path to static web files (for development or custom front end)";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
PROXY_PATH = mkOption {
|
||||||
|
description = "path prefix when service is run behind a proxy";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
PROXY_PORT = mkOption {
|
||||||
|
description = "port of the proxy when the service is run behind a proxy";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.port;
|
||||||
|
};
|
||||||
|
|
||||||
|
EMAIL_CONTACT = mkOption {
|
||||||
|
description = "email contact for the front end";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
GA_KEY = mkOption {
|
||||||
|
description = "google analytics key for the front end";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
USERVOICE_KEY = mkOption {
|
||||||
|
description = "user voice key for the front end";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
AWS_ACCESS_KEY = mkOption {
|
||||||
|
description = "aws access key";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
AWS_SECRET_KEY = mkOption {
|
||||||
|
description = "aws access key";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
BUCKET = mkOption {
|
||||||
|
description = "aws bucket";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
S3_ENDPOINT = mkOption {
|
||||||
|
description = "Custom S3 endpoint.";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
S3_REGION = mkOption {
|
||||||
|
description = "region of the s3 bucket";
|
||||||
|
default = "eu-west-1";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
S3_NO_MULTIPART = mkOption {
|
||||||
|
description = "disables s3 multipart upload";
|
||||||
|
default = false;
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
S3_PATH_STYLE = mkOption {
|
||||||
|
description = "Forces path style URLs, required for Minio.";
|
||||||
|
default = false;
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
STORJ_ACCESS = mkOption {
|
||||||
|
description = "Access for the project";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
STORJ_BUCKET = mkOption {
|
||||||
|
description = "Bucket to use within the project";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
BASEDIR = mkOption {
|
||||||
|
description = "path storage for local/gdrive provider";
|
||||||
|
default = "${cfg.stateDir}/store";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
GDRIVE_CLIENT_JSON_FILEPATH = mkOption {
|
||||||
|
description = "path to oauth client json config for gdrive provider";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
GDRIVE_LOCAL_CONFIG_PATH = mkOption {
|
||||||
|
description = "path to store local transfer.sh config cache for gdrive provider";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
GDRIVE_CHUNK_SIZE = mkOption {
|
||||||
|
description = "chunk size for gdrive upload in megabytes, must be lower than available memory (8 MB)";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
HOSTS = mkOption {
|
||||||
|
description = "hosts to use for lets encrypt certificates (comma seperated)";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
LOG = mkOption {
|
||||||
|
description = "path to log file";
|
||||||
|
default = "${cfg.stateDir}/transfer-sh.log";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
CORS_DOMAINS = mkOption {
|
||||||
|
description = "comma separated list of domains for CORS, setting it enable CORS";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
CLAMAV_HOST = mkOption {
|
||||||
|
description = "host for clamav feature";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
PERFORM_CLAMAV_PRESCAN = mkOption {
|
||||||
|
description = "prescan every upload through clamav feature (clamav-host must be a local clamd unix socket)";
|
||||||
|
default = false;
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
};
|
||||||
|
|
||||||
|
RATE_LIMIT = mkOption {
|
||||||
|
description = "request per minute";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
MAX_UPLOAD_SIZE = mkOption {
|
||||||
|
description = "max upload size in kilobytes";
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
PURGE_DAYS = mkOption {
|
||||||
|
description = "number of days after the uploads are purged automatically";
|
||||||
|
default = "7";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
PURGE_INTERVAL = mkOption {
|
||||||
|
description = "interval in hours to run the automatic purge for (not applicable to S3 and Storj)";
|
||||||
|
default = 1;
|
||||||
|
type = types.nullOr types.int;
|
||||||
|
};
|
||||||
|
|
||||||
|
RANDOM_TOKEN_LENGTH = mkOption {
|
||||||
|
description = "length of the random token for the upload path (double the size for delete path)";
|
||||||
|
default = "6";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
|
||||||
|
stateDir = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = "Variable state directory";
|
||||||
|
default = "/var/lib/transfer.sh";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable
|
||||||
|
{
|
||||||
|
users.users = mkIf (cfg.user == "transfersh") {
|
||||||
|
transfersh = {
|
||||||
|
description = "transfer-sh service user";
|
||||||
|
home = cfg.stateDir;
|
||||||
|
group = cfg.group;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups = mkIf (cfg.group == "transfersh") { transfersh = { }; };
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${cfg.stateDir} 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d ${cfg.BASEDIR} 0750 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services.transfer-sh = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
User = cfg.user;
|
||||||
|
Group = cfg.group;
|
||||||
|
ExecStart = "${lib.getExe package} --provider=${cfg.provider}";
|
||||||
|
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment =
|
||||||
|
{
|
||||||
|
LISTENER = "${cfg.address}:${toString cfg.LISTENER}";
|
||||||
|
PROFILE_LISTENER = toString cfg.PROFILE_LISTENER;
|
||||||
|
HTTP_AUTH_USER = cfg.HTTP_AUTH_USER;
|
||||||
|
HTTP_AUTH_PASS = cfg.HTTP_AUTH_PASS;
|
||||||
|
HTTP_AUTH_HTPASSWD = cfg.HTTP_AUTH_HTPASSWD;
|
||||||
|
HTTP_AUTH_IP_WHITELIST = concatStringsSep "," cfg.HTTP_AUTH_IP_WHITELIST;
|
||||||
|
IP_WHITELIST = concatStringsSep "," cfg.IP_WHITELIST;
|
||||||
|
IP_BLACKLIST = concatStringsSep "," cfg.IP_BLACKLIST;
|
||||||
|
TEMP_PATH = cfg.TEMP_PATH;
|
||||||
|
WEB_PATH = cfg.WEB_PATH;
|
||||||
|
PROXY_PATH = cfg.PROXY_PATH;
|
||||||
|
PROXY_PORT = toString cfg.PROXY_PORT;
|
||||||
|
EMAIL_CONTACT = cfg.EMAIL_CONTACT;
|
||||||
|
GA_KEY = cfg.GA_KEY;
|
||||||
|
USERVOICE_KEY = cfg.USERVOICE_KEY;
|
||||||
|
HOSTS = cfg.HOSTS;
|
||||||
|
LOG = cfg.LOG;
|
||||||
|
CORS_DOMAINS = cfg.CORS_DOMAINS;
|
||||||
|
CLAMAV_HOST = cfg.CLAMAV_HOST;
|
||||||
|
PERFORM_CLAMAV_PRESCAN = lib.boolToString cfg.PERFORM_CLAMAV_PRESCAN;
|
||||||
|
RATE_LIMIT = cfg.RATE_LIMIT;
|
||||||
|
MAX_UPLOAD_SIZE = cfg.MAX_UPLOAD_SIZE;
|
||||||
|
PURGE_DAYS = cfg.PURGE_DAYS;
|
||||||
|
RANDOM_TOKEN_LENGTH = cfg.RANDOM_TOKEN_LENGTH;
|
||||||
|
BASEDIR = cfg.BASEDIR;
|
||||||
|
PURGE_INTERVAL = toString cfg.PURGE_INTERVAL;
|
||||||
|
} // lib.optionalAttrs (cfg.provider == "s3") {
|
||||||
|
# Options specific to s3 backend
|
||||||
|
AWS_ACCESS_KEY = cfg.AWS_ACCESS_KEY;
|
||||||
|
AWS_SECRET_KEY = cfg.AWS_SECRET_KEY;
|
||||||
|
BUCKET = cfg.BUCKET;
|
||||||
|
S3_REGION = cfg.S3_REGION;
|
||||||
|
S3_ENDPOINT = cfg.S3_ENDPOINT;
|
||||||
|
S3_NO_MULTIPART = lib.boolToString cfg.S3_NO_MULTIPART;
|
||||||
|
S3_PATH_STYLE = lib.boolToString cfg.S3_PATH_STYLE;
|
||||||
|
} // lib.optionalAttrs (cfg.provider == "storj") {
|
||||||
|
# Options specific to storj backend
|
||||||
|
STORJ_ACCESS = cfg.STORJ_ACCESS;
|
||||||
|
STORJ_BUCKET = cfg.STORJ_BUCKET;
|
||||||
|
} // lib.optionalAttrs (cfg.provider == "gdrive") {
|
||||||
|
# Options specific to google drive backend
|
||||||
|
GDRIVE_CLIENT_JSON_FILEPATH = cfg.GDRIVE_CLIENT_JSON_FILEPATH;
|
||||||
|
GDRIVE_LOCAL_CONFIG_PATH = cfg.GDRIVE_LOCAL_CONFIG_PATH;
|
||||||
|
GDRIVE_CHUNK_SIZE = cfg.GDRIVE_CHUNK_SIZE;
|
||||||
|
} // lib.optionalAttrs (cfg.TLS_LISTENER != null) {
|
||||||
|
# TLS specific options
|
||||||
|
TLS_LISTENER = "${cfg.address}:${toString cfg.TLS_LISTENER}";
|
||||||
|
TLS_LISTENER_ONLY = lib.boolToString cfg.TLS_LISTENER_ONLY;
|
||||||
|
TLS_CERT_FILE = cfg.TLS_CERT_FILE;
|
||||||
|
TLS_PRIVATE_KEY = cfg.TLS_PRIVATE_KEY;
|
||||||
|
FORCE_HTTPS = lib.boolToString cfg.FORCE_HTTPS;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall
|
||||||
|
([ cfg.LISTENER cfg.PROFILE_LISTENER ] ++ optionals (cfg.TLS_LISTENER != null) [ cfg.TLS_LISTENER ]);
|
||||||
|
|
||||||
|
warnings =
|
||||||
|
let
|
||||||
|
sensitiveVars = [
|
||||||
|
"GA_KEY"
|
||||||
|
"HTTP_AUTH_PASS"
|
||||||
|
"USERVOICE_KEY"
|
||||||
|
"AWS_SECRET_KEY"
|
||||||
|
"STORJ_ACCESS"
|
||||||
|
];
|
||||||
|
in
|
||||||
|
|
||||||
|
lib.lists.forEach (filter (i: cfg."${i}" != null) sensitiveVars) (x:
|
||||||
|
''
|
||||||
|
config.services.transfer-sh.${x} will be stored as plaintext in the Nix store.
|
||||||
|
Use services.transfer-sh.environmentFile instead to prevent this.
|
||||||
|
''
|
||||||
|
);
|
||||||
|
};
|
||||||
|
meta.maintainers = with lib.maintainers; [ pinpox ];
|
||||||
|
}
|
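Review bot: `networking.firewall.allowedTCPPorts` opens `cfg.PROFILE_LISTENER` together with the HTTP port whenever `openFirewall` is set, and `PROFILE_LISTENER` defaults to 6060, so turning on `openFirewall` also exposes the profiler endpoint to the network. I would open only the service ports, `([ cfg.LISTENER ] ++ optionals (cfg.TLS_LISTENER != null) [ cfg.TLS_LISTENER ]);`, and default `PROFILE_LISTENER` to `null`. The current list also puts `null` into `allowedTCPPorts` when `PROFILE_LISTENER` is unset, and `lib.boolToString` is applied to `nullOr bool` options such as `PERFORM_CLAMAV_PRESCAN`, so a `null` there fails evaluation. The environment passes the profiler port as a bare number rather than `${cfg.address}:<port>`, so which interface it binds depends on how transfer.sh parses that value.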
203
flake.lock
203
flake.lock
|
@ -1,19 +1,62 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"attic": {
|
||||||
|
"inputs": {
|
||||||
|
"crane": "crane",
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": "nixpkgs",
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1711742460,
|
||||||
|
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"repo": "attic",
|
||||||
|
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"repo": "attic",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"crane": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"attic",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1702918879,
|
||||||
|
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674127017,
|
"lastModified": 1715699772,
|
||||||
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
|
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
|
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -25,11 +68,11 @@
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668681692,
|
"lastModified": 1673956053,
|
||||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -38,13 +81,92 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696426674,
|
||||||
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1667395993,
|
||||||
|
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681217261,
|
"lastModified": 1711401922,
|
||||||
"narHash": "sha256-RbxCHWN3Vhyv/WEsXcJlDwF7bpvZ9NxDjfSouQxXEKo=",
|
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1711460390,
|
||||||
|
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1716655032,
|
||||||
|
"narHash": "sha256-kQ25DAiCGigsNR/Quxm3v+JGXAEXZ8I7RAF4U94bGzE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "59a450646ec8ee0397f5fa54a08573e8240eb91f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-23.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1716769173,
|
||||||
|
"narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3fb8eedc450286d5092e4953118212fa21091b3b",
|
"rev": "9ca3f649614213b2aaf5f1e16ec06952fe4c2632",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -54,26 +176,11 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681005198,
|
|
||||||
"narHash": "sha256-5LrnBeXR7Hv8OXh6eany7br4qBW+ZNl4LKf1CJu9zbg=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "e45cc0138829ad86e7ff17a76acf2d05e781e30a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "release-22.11",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"attic": "attic",
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs_2",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"utils": "utils_2"
|
"utils": "utils_2"
|
||||||
}
|
}
|
||||||
|
@ -83,14 +190,14 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681209176,
|
"lastModified": 1716692524,
|
||||||
"narHash": "sha256-wyQokPpkNZnsl/bVf8m1428tfA0hJ0w/qexq4EizhTc=",
|
"narHash": "sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "00d5fd73756d424de5263b92235563bc06f2c6e1",
|
"rev": "962797a8d7f15ed7033031731d0bb77244839960",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -114,13 +221,31 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"systems_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1681028828,
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"utils": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1701680307,
|
||||||
|
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -131,14 +256,14 @@
|
||||||
},
|
},
|
||||||
"utils_2": {
|
"utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681202837,
|
"lastModified": 1710146030,
|
||||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
135
flake.nix
135
flake.nix
|
@ -1,64 +1,33 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
|
attic = { url = "github:zhaofengli/attic"; };
|
||||||
nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
|
nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
|
||||||
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||||
utils = { url = "github:numtide/flake-utils"; };
|
utils = { url = "github:numtide/flake-utils"; };
|
||||||
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, deploy-rs, utils, sops-nix, ... }@inputs:
|
outputs = { self, attic, nixpkgs, deploy-rs, utils, sops-nix, ... }@inputs:
|
||||||
{
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
"fsn1-1.mirror.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
"phoenix.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit inputs self; };
|
specialArgs = { inherit inputs self; };
|
||||||
modules = [
|
modules = [
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
./default.nix
|
./default.nix
|
||||||
./hosts/fsn1-1.mirror.lewd.wtf/configuration.nix
|
./hosts/phoenix.lewd.wtf/configuration.nix
|
||||||
./deployments/mirror/default.nix
|
attic.nixosModules.atticd
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"ash1-1.mirror.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
"sphinx.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit inputs self; };
|
specialArgs = { inherit inputs self; };
|
||||||
modules = [
|
modules = [
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
./default.nix
|
./default.nix
|
||||||
./hosts/ash1-1.mirror.lewd.wtf/configuration.nix
|
./hosts/sphinx.lewd.wtf/configuration.nix
|
||||||
./deployments/mirror/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"hil1-1.mirror.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
specialArgs = { inherit inputs self; };
|
|
||||||
modules = [
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
./default.nix
|
|
||||||
./hosts/hil1-1.mirror.lewd.wtf/configuration.nix
|
|
||||||
./deployments/mirror/default.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"master.mirror.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
specialArgs = { inherit inputs self; };
|
|
||||||
modules = [
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
./default.nix
|
|
||||||
./hosts/master.mirror.lewd.wtf/configuration.nix
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"nyx.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "x86_64-linux";
|
|
||||||
specialArgs = { inherit inputs self; };
|
|
||||||
modules = [
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
./default.nix
|
|
||||||
./hosts/nyx.lewd.wtf/configuration.nix
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -72,13 +41,23 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"kitty.elmosco.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
"rene.elmosco.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
specialArgs = { inherit inputs self; };
|
specialArgs = { inherit inputs self; };
|
||||||
modules = [
|
modules = [
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
./default.nix
|
./default.nix
|
||||||
./hosts/seedbox/kitty/configuration.nix
|
./hosts/seedbox/rene/configuration.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"reject.elmosco.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = { inherit inputs self; };
|
||||||
|
modules = [
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
./default.nix
|
||||||
|
./hosts/seedbox/reject/configuration.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -94,71 +73,30 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy.nodes = {
|
deploy.nodes = {
|
||||||
"fsn1-1.mirror.lewd.wtf" = {
|
"phoenix.lewd.wtf" = {
|
||||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
||||||
hostname = "fsn1-1.mirror.lewd.wtf";
|
hostname = "192.168.0.42";
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
|
|
||||||
profiles.system = {
|
profiles.system = {
|
||||||
sshUser = "root";
|
sshUser = "root";
|
||||||
path =
|
path =
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."fsn1-1.mirror.lewd.wtf";
|
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."phoenix.lewd.wtf";
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"sphinx.lewd.wtf" = {
|
||||||
"ash1-1.mirror.lewd.wtf" = {
|
|
||||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
||||||
hostname = "ash1-1.mirror.lewd.wtf";
|
hostname = "sphinx.lewd.wtf";
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
|
|
||||||
profiles.system = {
|
profiles.system = {
|
||||||
sshUser = "root";
|
sshUser = "root";
|
||||||
path =
|
path =
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."ash1-1.mirror.lewd.wtf";
|
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."sphinx.lewd.wtf";
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
"hil1-1.mirror.lewd.wtf" = {
|
|
||||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
|
||||||
hostname = "hil1-1.mirror.lewd.wtf";
|
|
||||||
fastConnection = true;
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
sshUser = "root";
|
|
||||||
path =
|
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."hil1-1.mirror.lewd.wtf";
|
|
||||||
user = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"master.mirror.lewd.wtf" = {
|
|
||||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
|
||||||
hostname = "master.mirror.lewd.wtf";
|
|
||||||
fastConnection = true;
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
sshUser = "root";
|
|
||||||
path =
|
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."master.mirror.lewd.wtf";
|
|
||||||
user = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"nyx.lewd.wtf" = {
|
|
||||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
|
||||||
hostname = "192.168.0.10";
|
|
||||||
fastConnection = true;
|
|
||||||
|
|
||||||
profiles.system = {
|
|
||||||
sshUser = "root";
|
|
||||||
path =
|
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."nyx.lewd.wtf";
|
|
||||||
user = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"aztul.elmosco.lewd.wtf" = {
|
"aztul.elmosco.lewd.wtf" = {
|
||||||
sshOpts = [ "-p" "22111" "-o" "StrictHostKeyChecking=no" ];
|
sshOpts = [ "-p" "22111" "-o" "StrictHostKeyChecking=no" ];
|
||||||
hostname = "aztul.elmosco.lewd.wtf";
|
hostname = "aztul.elmosco.lewd.wtf";
|
||||||
|
@ -172,15 +110,28 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
"kitty.elmosco.lewd.wtf" = {
|
"rene.elmosco.lewd.wtf" = {
|
||||||
sshOpts = [ "-p" "22105" "-o" "StrictHostKeyChecking=no" ];
|
sshOpts = [ "-p" "22113" "-o" "StrictHostKeyChecking=no" ];
|
||||||
hostname = "kitty.elmosco.lewd.wtf";
|
hostname = "rene.elmosco.lewd.wtf";
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
|
|
||||||
profiles.system = {
|
profiles.system = {
|
||||||
sshUser = "root";
|
sshUser = "root";
|
||||||
path =
|
path =
|
||||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."kitty.elmosco.lewd.wtf";
|
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."rene.elmosco.lewd.wtf";
|
||||||
|
user = "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
"reject.elmosco.lewd.wtf" = {
|
||||||
|
sshOpts = [ "-p" "22104" "-o" "StrictHostKeyChecking=no" ];
|
||||||
|
hostname = "reject.elmosco.lewd.wtf";
|
||||||
|
fastConnection = true;
|
||||||
|
|
||||||
|
profiles.system = {
|
||||||
|
sshUser = "root";
|
||||||
|
path =
|
||||||
|
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."reject.elmosco.lewd.wtf";
|
||||||
user = "root";
|
user = "root";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
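Review bot: The new `deploy.nodes` entries (`phoenix.lewd.wtf`, `sphinx.lewd.wtf`, `rene.elmosco.lewd.wtf`, `reject.elmosco.lewd.wtf`) all copy `"-o" "StrictHostKeyChecking=no"` while deploying with `sshUser = "root"`, so the deploy machine never verifies which host receives a root-level system activation. `phoenix.lewd.wtf` is also addressed by the bare IP `192.168.0.42`, where there is not even a DNS name to anchor trust. Prefer pinning the host keys (for example through `programs.ssh.knownHosts` on the deploying machine), or at minimum use `sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=accept-new" ];`, which still refuses a changed key. The existing `aztul` node carries the same option and would need the same change.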
|
@ -1,20 +0,0 @@
|
||||||
{ self, config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
variables.hostName = "ash1-1";
|
|
||||||
variables.domain = "mirror.lewd.wtf";
|
|
||||||
|
|
||||||
networking.hostName = "${config.variables.hostName}";
|
|
||||||
networking.domain = "${config.variables.domain}";
|
|
||||||
|
|
||||||
boot.loader.grub = {
|
|
||||||
enable = true;
|
|
||||||
efiSupport = false;
|
|
||||||
devices = [ "/dev/sda" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
}
|
|
|
@ -4,5 +4,6 @@
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
boot.initrd.kernelModules = [ "nvme" ];
|
||||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||||
|
fileSystems."/mnt/cache" = { device = "/dev/disk/by-label/mirror_cache"; fsType = "ext4"; };
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{ self, config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
variables.hostName = "hil1-1";
|
|
||||||
variables.domain = "mirror.lewd.wtf";
|
|
||||||
|
|
||||||
networking.hostName = "${config.variables.hostName}";
|
|
||||||
networking.domain = "${config.variables.domain}";
|
|
||||||
|
|
||||||
boot.loader.grub = {
|
|
||||||
enable = true;
|
|
||||||
efiSupport = false;
|
|
||||||
devices = [ "/dev/sda" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{ modulesPath, ... }:
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
|
||||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
|
||||||
|
|
||||||
}
|
|
|
@ -16,10 +16,10 @@
|
||||||
device = "/dev/disk/by-uuid/1147e812-b85d-4690-bbb1-d8ba5c398798";
|
device = "/dev/disk/by-uuid/1147e812-b85d-4690-bbb1-d8ba5c398798";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
fileSystems."/mnt/archive" = {
|
fileSystems."/mnt/game_archive" = {
|
||||||
device = "//u203375.your-storagebox.de/backup/media_archive";
|
device = "//u360073-sub1.your-storagebox.de/u360073-sub1";
|
||||||
fsType = "cifs";
|
fsType = "cifs";
|
||||||
options = [ "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,seal,iocharset=utf8,credentials=/root/.smbcredentials,uid=0,gid=993,file_mode=0775,dir_mode=0775,cache=loose" ];
|
options = [ "seal,iocharset=utf8,credentials=/root/.smbcredentials,uid=0,gid=993,file_mode=0775,dir_mode=0775,cache=loose" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Common mounts
|
# Common mounts
|
||||||
|
@ -28,8 +28,6 @@
|
||||||
device = "/mnt/data/media";
|
device = "/mnt/data/media";
|
||||||
options = [ "bind,ro" ];
|
options = [ "bind,ro" ];
|
||||||
};
|
};
|
||||||
fileSystems."/sftp_jail/common/archive" = {
|
|
||||||
device = "/mnt/archive";
|
services.qemuGuest.enable = true;
|
||||||
options = [ "bind,ro" ];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
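Review bot: The renamed `/mnt/game_archive` CIFS mount drops `x-systemd.automount,noauto` and all three `x-systemd.*-timeout` settings from `options`, so the share is now mounted eagerly with default timeouts instead of on demand. If the storage box is unreachable at boot, this may stall or fail the mount phase; that is inferred, since it depends on how this host orders remote mounts. If eager mounting is intended, keep it bounded and non-fatal, e.g. `options = [ "nofail,x-systemd.mount-timeout=5s,seal,iocharset=utf8,credentials=/root/.smbcredentials,…" ];`. The mount still reads `credentials=/root/.smbcredentials`, a file outside the sops-managed secrets used elsewhere in this repository, and a short comment on how that file is provisioned would help. The enclosing attribute set starts above the hunk.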
|
@ -14,6 +14,16 @@
|
||||||
owner = config.users.users.nginx.name;
|
owner = config.users.users.nginx.name;
|
||||||
group = config.users.users.nginx.group;
|
group = config.users.users.nginx.group;
|
||||||
};
|
};
|
||||||
|
sops.secrets."services/nginx/music.htpasswd" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.nginx.name;
|
||||||
|
group = config.users.users.nginx.group;
|
||||||
|
};
|
||||||
|
sops.secrets."services/nginx/transfersh.htpasswd" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.nginx.name;
|
||||||
|
group = config.users.users.nginx.group;
|
||||||
|
};
|
||||||
|
|
||||||
# HedgeDoc
|
# HedgeDoc
|
||||||
sops.secrets."services/hedgedoc/.env" = {
|
sops.secrets."services/hedgedoc/.env" = {
|
||||||
|
|
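Review bot: `sops.secrets."services/nginx/transfersh.htpasswd"` is declared with `mode = "0400"` and `owner = config.users.users.nginx.name`, but the transfer-sh module added in this comparison reads it directly (`HTTP_AUTH_HTPASSWD = "/run/secrets/services/nginx/transfersh.htpasswd"`). Nothing visible routes it through nginx. Unless the transfer-sh unit runs as the nginx user, which is not shown here, the service cannot read its own password file. Set the owner to the account the unit actually runs as, e.g. `owner = "<transfer-sh service user>";`, and consider moving the key out of the `services/nginx/` namespace so the consumer is obvious. The `music.htpasswd` entry is consumed by an nginx `auth_basic_user_file` and looks correct as written.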
|
@ -2,6 +2,8 @@ services:
|
||||||
nginx:
|
nginx:
|
||||||
admin.htpasswd: ENC[AES256_GCM,data:SYy91gzsVPwca7QHsAFnDV7e9hLoqS1+xeFyLNTa7WwFwT6sbvboMEnZUQ==,iv:RX8+6Ivx0ibZvoMlaxIGzJ1/OzMgOHu94J/lsvF5UqY=,tag:LtBBAlmRI0jskINGR7Gw/Q==,type:str]
|
admin.htpasswd: ENC[AES256_GCM,data:SYy91gzsVPwca7QHsAFnDV7e9hLoqS1+xeFyLNTa7WwFwT6sbvboMEnZUQ==,iv:RX8+6Ivx0ibZvoMlaxIGzJ1/OzMgOHu94J/lsvF5UqY=,tag:LtBBAlmRI0jskINGR7Gw/Q==,type:str]
|
||||||
ecchi.htpasswd: ENC[AES256_GCM,data:w6VYz0uQun4QiSmpqjwVLDRseVND0pHNzFxlD9F/0j7YqeHTo8gl1AI2cQ==,iv:7KKyUyoVtvIiZuQTmtKzWjZwr7heVX2K2C/WRSOPh0A=,tag:iOdURKQGTh+wt4PcEXCGUg==,type:str]
|
ecchi.htpasswd: ENC[AES256_GCM,data:w6VYz0uQun4QiSmpqjwVLDRseVND0pHNzFxlD9F/0j7YqeHTo8gl1AI2cQ==,iv:7KKyUyoVtvIiZuQTmtKzWjZwr7heVX2K2C/WRSOPh0A=,tag:iOdURKQGTh+wt4PcEXCGUg==,type:str]
|
||||||
|
music.htpasswd: ENC[AES256_GCM,data:Qfme6JuA2df4jAw+zWIEeUaefOfpalFFl0ZV4CN7x+3v60kRdY408F+dzccDJUp+mLsNe87qY+nKYh1690x51f+980ehBUIyQtXHTGFFH9kuMBf97+BgwImyce+68V7Yzlvc/NvhAZb0H/ua2AMfIK46BPaDDmWkDZJho0TNkveLDm/CZWgjH9nLI7wQ7dC6HXaeIgDwhSVXbudGZ5GUMKoyMHfzoG6HA/9gORrEjFIhPnzCuLS9gXypDbl6J94ITqdpTf7Eeu5ogHInlHZCnu8nU5tio4Yi9pe9rvfCl+7tUMr/H/TWE/9JVEU3jJ1ZgSwkEk5f3+KW5D5U42K7WEJ+oWmH91k0unYE51fPt2zbCo4G+baz+Syfo/4aY2KU7W/E6RI2gGr3w/uP3F920Nec,iv:alWg41vgcpFp9fagrTMd8YmygFdlcH7thCHngQdvmSk=,tag:zC9mnPwZfF2IHKiLD42fLA==,type:str]
|
||||||
|
transfersh.htpasswd: ENC[AES256_GCM,data:tC4o0/0u2z5vs9FVRBuZrPKujjKXBp/6Ra9g1rnRTvBtM7GUWCUcRItE7Q==,iv:/CLfX+WWahfCCZhHdxIvTUsnTyCymM8pbzkjnVliU/8=,tag:BXHjddJATTeXbnG79du8SA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -26,8 +28,8 @@ sops:
|
||||||
a1d3ekVWMDV4dUxrSGNod2JvYmtHMmMKnBaqvtBd53Jz9CtkOeEJ93YBeGA8pmof
|
a1d3ekVWMDV4dUxrSGNod2JvYmtHMmMKnBaqvtBd53Jz9CtkOeEJ93YBeGA8pmof
|
||||||
VlSrnXcJmZ3tG1GwVOu8Q9Xr5gXrvaG4HGvETLsGBafxVtMTU4v8KQ==
|
VlSrnXcJmZ3tG1GwVOu8Q9Xr5gXrvaG4HGvETLsGBafxVtMTU4v8KQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-04-12T12:01:27Z"
|
lastmodified: "2024-02-07T20:40:57Z"
|
||||||
mac: ENC[AES256_GCM,data:Rr3ytpKR2UKuREKJF67PRbVwOf2UXKdXtwEjxA3a7dFSyujNWHL90J3beDTyWaWpPzlmj/ZjeMiSNd80U8A/l/gGSSlASa2bFzJZLlvSRdsRYnM2IuyhtGN4HK0WoyLzruiOX9P2kRJYIkOgMg/8qu0szf8okz4bdXtKz/d5nBQ=,iv:IqIPz5lESrFxkVmreT7uVjEwMr0uwmxEldWjde6ivyA=,tag:mUaAFSkDHRgrRbLITY71NQ==,type:str]
|
mac: ENC[AES256_GCM,data:N9P2aGJfdqdvIEykaXUOYPPsJvvInVeF9TklO8jRgjb+yQHsn7e4yM0moYBxYhhdUAf5QOfJMrgrnnnNbSrJ1us+uQckRhiu2KccQZtcK3GqfL6z7HJAkVbNbO9A30qn2bHdIYo1/hCrJW65T+pli7kuiwW+FyZ5BvlrBeWNB6A=,iv:pySnVf0N8nKEONuS8LKreZnwdsN5Zu/Z3niFiw1dtsw=,tag:Q4S+xpDCzAETovwNAM+Xlw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
deemix = {
|
||||||
|
image = "resun83/lidarr-on-steroids";
|
||||||
|
autoStart = true;
|
||||||
|
ports = [
|
||||||
|
"127.0.0.1:6595:6595"
|
||||||
|
];
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/deemix_standalone:/config_deemix"
|
||||||
|
"/var/lib/lidarr_standalone:/config"
|
||||||
|
"/mnt/data/media/MusicNew:/downloads"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
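Review bot: `image = "resun83/lidarr-on-steroids"` carries no tag or digest, so each pull resolves to whatever the publisher currently serves as `latest`. The running code can then change without any change in this repository. The same applies to the `lidarr` container (same image) and to `prowlarr_ab` with `image = "kinda.sus.lol/prowlarr"`, both added in this comparison. The qbittools call added here already pins by `@sha256:`, so the containers should do the same: `image = "resun83/lidarr-on-steroids@sha256:<digest>";`. A one-line comment on why `deemix` and `lidarr` run the same image as separate containers with separate state directories would also help the next reader.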
|
@ -9,8 +9,8 @@
|
||||||
domain = "op.pai.wtf";
|
domain = "op.pai.wtf";
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
protocolUseSSL = true;
|
protocolUseSSL = true;
|
||||||
email = false;
|
email = true;
|
||||||
allowEmailRegister = false;
|
allowEmailRegister = true;
|
||||||
allowOrigin = [ "op.pai.wtf" ];
|
allowOrigin = [ "op.pai.wtf" ];
|
||||||
};
|
};
|
||||||
environmentFile = "/run/secrets/services/hedgedoc/.env";
|
environmentFile = "/run/secrets/services/hedgedoc/.env";
|
||||||
|
|
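Review bot: Flipping `email` and `allowEmailRegister` to `true` enables self-service account creation on an instance that binds `host = "0.0.0.0"` for `op.pai.wtf`, and nothing in the visible lines limits who may register. If this was only needed to bootstrap an account, set `allowEmailRegister = false;` again afterwards. If open sign-up is intended, record it next to the setting, e.g. `# open e-mail registration is intentional: <reason>`. The `settings` block begins above the hunk, so other restrictions may exist that are not visible here.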
|
@ -0,0 +1,18 @@
|
||||||
|
{
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
lidarr = {
|
||||||
|
image = "resun83/lidarr-on-steroids";
|
||||||
|
autoStart = true;
|
||||||
|
ports = [
|
||||||
|
"127.0.0.1:8686:8686"
|
||||||
|
"127.0.0.1:6596:6595"
|
||||||
|
];
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/lidarr:/config"
|
||||||
|
"/var/lib/deemix:/config_deemix"
|
||||||
|
"/mnt/data/downloads/lidarr:/downloads"
|
||||||
|
"/mnt/data/media/MusicNew:/music"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
services.navidrome = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
Address = "127.0.0.1";
|
||||||
|
Port = 4533;
|
||||||
|
MusicFolder = "/mnt/data/media/MusicNew";
|
||||||
|
BaseUrl = "https://kinda.sus.lol/music";
|
||||||
|
EnableSharing = true;
|
||||||
|
"Spotify.ID" = "dc4b443a527a4e269389093c39b78ebb";
|
||||||
|
"Spotify.Secret" = "b6150512c86b41eca8259f12b7355411";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
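Review bot: `"Spotify.ID"` and `"Spotify.Secret"` are committed as plaintext literals in `services.navidrome.settings`, so the client secret sits in the repository history and in the rendered config in the Nix store. This repository already uses sops-nix for credentials. Navidrome also accepts these as the environment variables `ND_SPOTIFY_ID` and `ND_SPOTIFY_SECRET`, so they can come from an encrypted env file instead: `systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets."services/navidrome/.env".path;` (the secret name is illustrative), with both keys dropped from `settings`. Because the current value has been published, rotate it at the provider rather than only moving it.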
|
@ -6,9 +6,46 @@
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
virtualHosts."request-music.kinda.sus.lol" = {
|
||||||
|
serverName = "request-music.kinda.sus.lol";
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "That's kinda sus, not gonna lie...";
|
||||||
|
auth_basic_user_file /run/secrets/services/nginx/music.htpasswd;
|
||||||
|
proxy_pass http://127.0.0.1:6595;
|
||||||
|
proxy_read_timeout 900;
|
||||||
|
proxy_connect_timeout 900;
|
||||||
|
proxy_send_timeout 900;
|
||||||
|
send_timeout 900;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
virtualHosts."kinda.sus.lol" = {
|
virtualHosts."kinda.sus.lol" = {
|
||||||
serverName = "kinda.sus.lol";
|
serverName = "kinda.sus.lol";
|
||||||
locations = {
|
locations = {
|
||||||
|
"/music" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_pass http://127.0.0.1:4533;
|
||||||
|
proxy_read_timeout 900;
|
||||||
|
proxy_connect_timeout 900;
|
||||||
|
proxy_send_timeout 900;
|
||||||
|
send_timeout 900;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
'';
|
||||||
|
};
|
||||||
"/admin/sonarr" = {
|
"/admin/sonarr" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
auth_basic "Show slit";
|
auth_basic "Show slit";
|
||||||
|
@ -43,6 +80,40 @@
|
||||||
proxy_set_header Connection $http_connection;
|
proxy_set_header Connection $http_connection;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"/admin/lidarr" = {
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Show slit";
|
||||||
|
auth_basic_user_file /run/secrets/services/nginx/admin.htpasswd;
|
||||||
|
proxy_pass http://127.0.0.1:8686;
|
||||||
|
proxy_read_timeout 900;
|
||||||
|
proxy_connect_timeout 900;
|
||||||
|
proxy_send_timeout 900;
|
||||||
|
send_timeout 900;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"/admin/deemix" = {
|
||||||
|
extraConfig = ''
|
||||||
|
auth_basic "Show slit";
|
||||||
|
auth_basic_user_file /run/secrets/services/nginx/admin.htpasswd;
|
||||||
|
proxy_pass http://127.0.0.1:6595;
|
||||||
|
proxy_read_timeout 900;
|
||||||
|
proxy_connect_timeout 900;
|
||||||
|
proxy_send_timeout 900;
|
||||||
|
send_timeout 900;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
'';
|
||||||
|
};
|
||||||
"/admin/prowlarr" = {
|
"/admin/prowlarr" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
auth_basic "Show slit";
|
auth_basic "Show slit";
|
||||||
|
|
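Review bot: The new `request-music.kinda.sus.lol` vhost and the new `/admin/deemix` location both `proxy_pass http://127.0.0.1:6595;`, but the first is gated by `music.htpasswd` and the second by `admin.htpasswd`. Anyone holding a `music.htpasswd` credential therefore reaches the same backend the `/admin/` path reserves for admins. If the request portal is meant to be the wider-audience entry point, say so in a comment such as `# same upstream as /admin/deemix; music users are allowed full access`. Otherwise point the vhost at a separate, restricted instance. The new vhost block also sets no `forceSSL`, `enableACME` or `useACMEHost`, so confirm that TLS is terminated in front of it before basic-auth credentials are sent. The `kinda.sus.lol` `locations` set continues outside both hunks.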
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
prowlarr_ab = {
|
||||||
|
image = "kinda.sus.lol/prowlarr";
|
||||||
|
autoStart = true;
|
||||||
|
ports = [ "127.0.0.1:9697:9696" ];
|
||||||
|
volumes = [ "/var/lib/prowlarr_ab:/config" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,3 +1,4 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -7,7 +8,7 @@
|
||||||
variables.qbittorrent = {
|
variables.qbittorrent = {
|
||||||
user = "qbittorrent";
|
user = "qbittorrent";
|
||||||
group = "jellyfin";
|
group = "jellyfin";
|
||||||
torrentPort = 60836;
|
torrentPort = 46208;
|
||||||
uiPort = 8888;
|
uiPort = 8888;
|
||||||
configDir = "/var/lib/qbittorrent";
|
configDir = "/var/lib/qbittorrent";
|
||||||
openFilesLimit = 8192;
|
openFilesLimit = 8192;
|
||||||
|
@ -38,4 +39,24 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.timers."qbittools-unregistered" = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnBootSec = "5m";
|
||||||
|
OnUnitActiveSec = "2h";
|
||||||
|
Unit = "qbittools-unregistered.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."qbittools-unregistered" = {
|
||||||
|
script = ''
|
||||||
|
set -eu
|
||||||
|
${pkgs.podman}/bin/podman run -it --rm --network host registry.gitlab.com/alexkm/qbittools@sha256:74fe59f3ef0c23e48db3b2af34a5b1f8b43a4afd3dbf45df7529e300a6f50820 tagging --unregistered --port 8888 -s 127.0.0.1
|
||||||
|
'';
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User= "root";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
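Review bot: The `qbittools-unregistered` unit runs `podman run -it … --network host` with `User= "root"`, which is more privilege than a job that only talks to the Web UI on `127.0.0.1:8888` appears to need. `-it` requests an interactive TTY that a systemd oneshot does not have, so dropping it avoids warnings or failures from the missing terminal: `${pkgs.podman}/bin/podman run --rm --network host registry.gitlab.com/alexkm/qbittools@sha256:… tagging --unregistered --port 8888 -s 127.0.0.1`. Running rootful with the host network namespace gives the container access to every host-local listener. If that is only for reaching the loopback UI, note it in a comment, or run the unit under a dedicated unprivileged user. Pinning the image by digest here is good.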
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
networking.firewall.allowedTCPPorts = [ 6080 ];
|
||||||
|
services.transfer-sh = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
LISTENER = "192.168.99.201:6080";
|
||||||
|
HTTP_AUTH_HTPASSWD = "/run/secrets/services/nginx/transfersh.htpasswd";
|
||||||
|
TEMP_PATH = "/mnt/data/transfer-sh/temp";
|
||||||
|
BASEDIR = "/mnt/data/transfer-sh/store";
|
||||||
|
EMAIL_CONTACT = "abuse@lewd.wtf";
|
||||||
|
PURGE_DAYS = "90";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.transfer-sh.serviceConfig.ReadWritePaths = lib.mkForce "/mnt/data/transfer-sh";
|
||||||
|
}
|
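Review bot: `networking.firewall.allowedTCPPorts = [ 6080 ]` opens the port on every interface, while the service only listens on `LISTENER = "192.168.99.201:6080"` and protects uploads with `HTTP_AUTH_HTPASSWD` over plain HTTP. Basic-auth credentials and file contents cross that network unencrypted unless `192.168.99.0` is a trusted or tunnelled segment, which is not visible here. Scope the rule to the interface that carries that address, e.g. `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 6080 ];`, and add a comment stating what sits in front of the listener (VPN, TLS proxy). A one-line note on why `ReadWritePaths` needs `lib.mkForce` would also help.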
|
@ -1,16 +0,0 @@
|
||||||
{
|
|
||||||
users.users.abdulsalam = {
|
|
||||||
group = "sftponly";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/sftp_jail/abdulsalam";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE387jL1I99Ws/6BTS/lbiAlDXpyB9zaf08+KWx9U8kd abdulsalam"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/sftp_jail/abdulsalam/mirror/saves" = {
|
|
||||||
device = "/mnt/data/private/nintendo/switch/savegames";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,16 +0,0 @@
|
||||||
{
|
|
||||||
users.users.archbox = {
|
|
||||||
group = "sftponly";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/sftp_jail/archbox";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTWN+J6qFf60b58AIEXW/yuDwb7bwoyONKvM10kolWU archbox"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/sftp_jail/archbox/mirror/saves" = {
|
|
||||||
device = "/mnt/data/private/nintendo/switch/savegames";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
users.users.ecks = {
|
|
||||||
group = "sftponly";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/sftp_jail/ecks";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINczWfNkdndU9bqB2PI1D3glO2CiIaEngXY5FnsodZjt ryusak"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/sftp_jail/ecks/mirror/ryusak" = {
|
|
||||||
device = "/mnt/data/mirror/archive/nintendo/switch/ryusak";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
fileSystems."/sftp_jail/ecks/mirror/shaders" = {
|
|
||||||
device = "/mnt/data/mirror/archive/nintendo/switch/shaders";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
users.users.mirror = {
|
|
||||||
group = "mirror";
|
|
||||||
isNormalUser = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGCcaz+17IbyUC/bbhG+m1yYiPa15Uut8GBywVREo1w root@fsn1-1"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOceXaCKbLpRq2LwS3Su6gZjqeIrCzBZfuA7rsKYa4BZ root@ash1-1"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTUV7UVCWsv0xgLM7rQhGJhCWGX2bgHRG8pHuVEqImZ root@hil1-1"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbd+qkj1A99nW71Ldip59KI6yNOao0A1l7Mv3GcXaA8 root@hel1-1"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
users.groups.mirror = {};
|
|
||||||
}
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
users.groups.void = {};
|
|
||||||
users.users.void = {
|
|
||||||
group = "void";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/home/void";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-rsa 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 master@Project-Kratos"
|
|
||||||
"ssh-rsa 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 master@DESKTOP-V6SN4JP"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home/void/mirror/pico" = {
|
|
||||||
device = "/mnt/data/mirror/archive/picoxr";
|
|
||||||
options = [ "bind" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ self, config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
utils = import ../../util/include.nix { lib = lib; };
|
|
||||||
imports =
|
|
||||||
(utils.includeDir ./services) ++
|
|
||||||
[
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./networking.nix
|
|
||||||
./users.nix
|
|
||||||
./secrets.nix
|
|
||||||
];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
inherit imports;
|
|
||||||
|
|
||||||
networking.hostName = "nyx";
|
|
||||||
networking.domain = "lewd.wtf";
|
|
||||||
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/adde8f5f-358d-4ed2-835a-8fecbe4a86a4";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/8D9D-CCA2";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/home" =
|
|
||||||
{ device = "/dev/disk/by-uuid/6cee1359-6e2c-45fc-927d-f2a558f0ec5d";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[ { device = "/dev/disk/by-uuid/474244b3-df18-4af7-badf-d7b2531ae17c"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
networking.defaultGateway = "192.168.0.1";
|
|
||||||
networking.nameservers = [ "192.168.0.69" ];
|
|
||||||
networking.interfaces.enp2s0.ipv4.addresses = [
|
|
||||||
{
|
|
||||||
address = "192.168.0.10";
|
|
||||||
prefixLength = 22;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
example_key: ENC[AES256_GCM,data:MB+njL6mhVGUYKlBww==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:G9EH5DpFHMq2Qx/grNrYNQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QXk5U3JRZ1FtNzM0cEZJ
|
|
||||||
b3RXdEpra2VJSWxvT3BwOWZuc1JkWkhBQWlVCmFQUHlybEZYNXYrNVpLT2xPc2pP
|
|
||||||
UEtxdlJHdWhzK05CRzN1dFlqM01ValkKLS0tIDZVQWo0SXFyV1Nad2RGcGFtcDBt
|
|
||||||
UHQyVjkvOGZXVXJDYWhQeFN0WFJhOHcKsmRy6Sn3IHPuXdv5j8l373HLBSgBy7M/
|
|
||||||
Z/uIth3S50OGf6okvvHJxWuZ3xVXwZqUwfYpE5WtJuSXi4rBaJHISw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxamE0eTB3TXVGNDN1azZ3
|
|
||||||
MmRHalA4TjErZE1Db2tNM1lhd2VHK0l0YlVNClFic2t2VXhKR0pBMGFIVHRFczEy
|
|
||||||
cE9KZjlDSzZuYlJWTlVEL1ZXOUxRajAKLS0tIHhaekZvdE40YlVlS3A2Y0kxWHVR
|
|
||||||
SkMwdFUrcmN4aUJ0cms5WlhBWnZKTncKt0JurciGm7hQI8VSalQaHvGzh9xF2Xrl
|
|
||||||
afe94Ma/mmojj8cEqJQlarMMDtAAGsWjz7zwwam629uE9Yjsr/YRbw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-04-15T08:13:59Z"
|
|
||||||
mac: ENC[AES256_GCM,data:ockH8FVoLTeGuCOKknJ3aSQIQEIFFtmJQ+RwmDgorWSYHCUDsriSGy8fVEoAE/6pzGMahjdC1rK2YtaeAFljsNTh1Ct5CpVBmwKZVOCZSM9eWz4d7JFjJolIc+kNSj/9k+NUZBZafUMa1ckIK/8CMM0AysZ/mBeYTsaP8WOfB5g=,iv:aFICxoznCi5Tg+YZrsBAiEWPw7Hw+Abv1wJpdB50PQY=,tag:2sWz7OvFI7pIRsoeHJKpxQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.3
|
|
|
@ -1,9 +0,0 @@
|
||||||
ADMIN_TOKEN=ENC[AES256_GCM,data:R1mhyfHnTvnWaeKL7UFUuaA8bmpoQciLXRgLZKTDH0Zvo/M76s/NSenBEtpfpUJMbHGp1hmXqkK6jR5WVemYhg==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:yPXiqasJbj2NCc5vIc2zVw==,type:str]
|
|
||||||
sops_mac=ENC[AES256_GCM,data:LkjzPt4EVD23fPtcSaAfn0zBSdHP2zo1oF3fRPS7yP+kKdsBUDVVHoS63GT4nUmzgok+AF23EyRhGRWX3TL4f7IqylU50K5NMrNwBCQw6X0DGAqrMnsrvpSCPdWkLcm8fqpo4K22I/0fZl2AXSzuMWY4NKDu2IB0j1eNpP4qILY=,iv:4pdUt5LxdaXl9CIP4lgcnQLI+IbCiEPkU3idorJput8=,tag:++XPxDInGY2f/n+7r43obw==,type:str]
|
|
||||||
sops_unencrypted_suffix=_unencrypted
|
|
||||||
sops_lastmodified=2023-04-15T07:50:09Z
|
|
||||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UXYrVkxHSmx1V1E1aVlW\nTVMwamo2ZnJrbERDTkJoSS8yanVXZ2pEbEJnCjExM2U5T1U3SkVrNFhIaXg5VE9K\ncnNyUDdQM2IyQ2FpenV0VEhIR1NBaTQKLS0tIEsvOTNDa1BvUlk3UE01VGZydmVG\nZDZOelphR0Nsa3c4aXZ5NDJVWlVvQmsKPxUi8Vgxe+EsHSF/33OfoEdFIUscDTzR\nzjf8rkG5BU616tudvXUGLfdncCiG+hfz7ZvmEYlTEAdGzSYSW8tuhg==\n-----END AGE ENCRYPTED FILE-----\n
|
|
||||||
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
|
||||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdTRPUGxqcGowU0FjRE84\nNjhKdEJabFZEVXo3aTArQnNNRjhaMFZiKzNrCmpLbFoxTVlTUkYxOHVJdlFqa0JF\nQStIT29uSlY3SWtzZHFqbjZwTHZ1aEUKLS0tIHJlLzlCV0RJekVvOWRLV3JmZ2pv\nZ0VrUVg5NXVTWU5LRDk2M3dYWXM3bkEKA4KusPniM0pO6oJhHq1khrfcwdSvG+/A\n7rn6Ib23WSHUAquxCxOz9IXL2GDrajEFnv82lyYUgijgb7PEWC2pPQ==\n-----END AGE ENCRYPTED FILE-----\n
|
|
||||||
sops_age__list_1__map_recipient=age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
|
|
||||||
sops_version=3.7.3
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
users.groups.markus = {};
|
|
||||||
users.users.markus = {
|
|
||||||
group = "markus";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/home/markus";
|
|
||||||
homeMode = "755";
|
|
||||||
createHome = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2eur+tK9VTYqXTgYlJY1/oV1EzUhm4QZGEl4e3/kWr deck@steamdeck"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -0,0 +1,326 @@
|
||||||
|
{ lib, pkgs, config, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.c3moc;
|
||||||
|
in {
|
||||||
|
options.c3moc = {
|
||||||
|
enable = mkEnableOption "enable c3moc services";
|
||||||
|
switchNfs = mkEnableOption "switch nfs config to c3moc one";
|
||||||
|
};
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
fileSystems = {
|
||||||
|
"/mnt/zbigdata/c3moc_dropfolder" = {
|
||||||
|
device = "zbigdata/c3moc_dropfolder";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
"/export/c3moc/media" = lib.mkIf cfg.switchNfs {
|
||||||
|
device = "/mnt/zbigdata/media";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
"/export/c3moc/games" = lib.mkIf cfg.switchNfs {
|
||||||
|
device = "/mnt/zbigdata/games";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
"/export/c3moc/dropfolder" = lib.mkIf cfg.switchNfs {
|
||||||
|
device = "/mnt/zbigdata/c3moc_dropfolder";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
containers.c3moc = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.69.1";
|
||||||
|
hostAddress6 = "aa69::1";
|
||||||
|
localAddress = "192.168.69.10";
|
||||||
|
localAddress6 = "aa69::69";
|
||||||
|
|
||||||
|
bindMounts = {
|
||||||
|
"/home/c3moc/media" = {
|
||||||
|
hostPath = "/mnt/zbigdata/media";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
"/home/c3moc/games" = {
|
||||||
|
hostPath = "/mnt/zbigdata/games";
|
||||||
|
isReadOnly = true;
|
||||||
|
};
|
||||||
|
"/home/c3moc/dropfolder" = {
|
||||||
|
hostPath = "/mnt/zbigdata/c3moc_dropfolder";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
useHostResolvConf = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.resolved.enable = true;
|
||||||
|
|
||||||
|
users.groups.c3moc = {};
|
||||||
|
users.users.c3moc = {
|
||||||
|
group = "c3moc";
|
||||||
|
password = "c3moc";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/c3moc";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Jellyfin
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
jellyfin-ffmpeg
|
||||||
|
];
|
||||||
|
|
||||||
|
services.jellyfin = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# FTP access
|
||||||
|
services.vsftpd = {
|
||||||
|
enable = true;
|
||||||
|
writeEnable = true;
|
||||||
|
anonymousUser = true;
|
||||||
|
anonymousUserNoPassword = true;
|
||||||
|
anonymousUserHome = "/home/c3moc";
|
||||||
|
anonymousUploadEnable = true;
|
||||||
|
anonymousMkdirEnable = true;
|
||||||
|
anonymousUmask = "000";
|
||||||
|
};
|
||||||
|
|
||||||
|
# SFTP access
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = ''
|
||||||
|
Match Group c3moc
|
||||||
|
ChrootDirectory /home
|
||||||
|
ForceCommand internal-sftp
|
||||||
|
AllowTcpForwarding no
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# CIFS access
|
||||||
|
services.samba = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
extraConfig = ''
|
||||||
|
workgroup = WORKGROUP
|
||||||
|
server string = c3moc
|
||||||
|
netbios name = c3moc
|
||||||
|
security = user
|
||||||
|
use sendfile = yes
|
||||||
|
guest account = nobody
|
||||||
|
map to guest = bad user
|
||||||
|
'';
|
||||||
|
shares = {
|
||||||
|
c3moc = {
|
||||||
|
path = "/home/c3moc";
|
||||||
|
browseable = "yes";
|
||||||
|
"read only" = "no";
|
||||||
|
"guest ok" = "yes";
|
||||||
|
"create mask" = "0777";
|
||||||
|
"directory mask" = "0777";
|
||||||
|
"force user" = "c3moc";
|
||||||
|
"force group" = "c3moc";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nfs.server.exports = mkIf cfg.switchNfs ''
|
||||||
|
/export (ro,fsid=0,no_subtree_check)
|
||||||
|
/export/c3moc (ro,nohide,insecure,no_subtree_check)
|
||||||
|
/export/c3moc/games (ro,nohide,insecure,no_subtree_check)
|
||||||
|
/export/c3moc/media (ro,nohide,insecure,no_subtree_check)
|
||||||
|
/export/c3moc/dropfolder (rw,nohide,insecure,no_subtree_check)
|
||||||
|
'';
|
||||||
|
|
||||||
|
networking.nat.forwardPorts = [
|
||||||
|
# FTP
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:20";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 20;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:21";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 21;
|
||||||
|
}
|
||||||
|
# SFTP
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:22";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 22;
|
||||||
|
}
|
||||||
|
# SMB
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:137";
|
||||||
|
proto = "udp";
|
||||||
|
sourcePort = 137;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:138";
|
||||||
|
proto = "udp";
|
||||||
|
sourcePort = 138;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:139";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 139;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.69.10:445";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 445;
|
||||||
|
}
|
||||||
|
# FTP
|
||||||
|
{
|
||||||
|
destination = "aa69::69:20";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 20;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "aa69::69:21";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 21;
|
||||||
|
}
|
||||||
|
# SFTP
|
||||||
|
{
|
||||||
|
destination = "aa69::69:22";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 22;
|
||||||
|
}
|
||||||
|
# SMB
|
||||||
|
{
|
||||||
|
destination = "aa69::69:137";
|
||||||
|
proto = "udp";
|
||||||
|
sourcePort = 137;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "aa69::69:138";
|
||||||
|
proto = "udp";
|
||||||
|
sourcePort = 138;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "aa69::69:139";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 139;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "aa69::69:445";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 445;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# Monitoring Stuff
|
||||||
|
services.prometheus.exporters.node = {
|
||||||
|
enable = true;
|
||||||
|
port = 9100;
|
||||||
|
enabledCollectors = [
|
||||||
|
"logind"
|
||||||
|
"systemd"
|
||||||
|
];
|
||||||
|
disabledCollectors = [
|
||||||
|
"textfile"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
scrapeConfigs = [
|
||||||
|
{
|
||||||
|
job_name = "node";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.grafana = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
# Listening Address
|
||||||
|
http_addr = "127.0.0.1";
|
||||||
|
# and Port
|
||||||
|
http_port = 3000;
|
||||||
|
# Grafana needs to know on which domain and URL it's running
|
||||||
|
domain = "gpn22.c3moc.lol";
|
||||||
|
root_url = "https://gpn22.c3moc.lol/stats/"; # Not needed if it is `https://your.domain/`
|
||||||
|
serve_from_sub_path = true;
|
||||||
|
};
|
||||||
|
"auth.anonymous" = {
|
||||||
|
enabled = true;
|
||||||
|
org_name = "Public";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# Nginx Stuff
|
||||||
|
services.nginx = {
|
||||||
|
virtualHosts."gpn22.c3moc.lol" = {
|
||||||
|
serverName = "gpn22.c3moc.lol";
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations = {
|
||||||
|
"= /" = {
|
||||||
|
extraConfig = ''
|
||||||
|
return 302 https://$host/web/;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_pass http://192.168.69.10:8096;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_buffering off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"= /web/" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_pass http://192.168.69.10:8096/web/index.html;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
proxy_buffering off;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"/socket" = {
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_pass http://192.168.69.10:8096/socket;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"/stats/" = {
|
||||||
|
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
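Review bot: `password = "c3moc";` on `users.users.c3moc` stores a guessable clear-text password in the Nix store, and the `sourcePort = 22` entries in `networking.nat.forwardPorts` forward host port 22 to this container's sshd, so the account is open to password logins from the host's network. If the SFTP drop account is meant to be public, say so next to it, e.g. `# intentionally public, SFTP-only via the Match Group block below`. Otherwise replace the password with `openssh.authorizedKeys.keys` or a `hashedPasswordFile`. The anonymous FTP and guest SMB settings (`anonymousUmask = "000"`, `"create mask" = "0777"`) make every upload world-writable, and a tighter mask such as `"022"` / `"0644"` would still allow uploads if cross-protocol overwrites are not required. Separately, the IPv6 `destination` values such as `"aa69::69:22"` probably need the bracketed form `"[aa69::69]:22"` for the port to be parsed; verify against the `networking.nat.forwardPorts` option documentation.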
|
|
@ -0,0 +1,36 @@
|
||||||
|
{ self, config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
utils = import ../../util/include.nix { lib = lib; };
|
||||||
|
imports =
|
||||||
|
(utils.includeDir ./services) ++
|
||||||
|
(utils.includeDir ./containers) ++
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./networking.nix
|
||||||
|
./secrets.nix
|
||||||
|
./c3moc.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
in {
|
||||||
|
inherit imports;
|
||||||
|
|
||||||
|
c3moc.enable = false;
|
||||||
|
c3moc.switchNfs = false;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = false;
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = false;
|
||||||
|
copyKernels = true;
|
||||||
|
mirroredBoots = [
|
||||||
|
{ path = "/boot-1"; devices = [ "/dev/disk/by-id/ata-Samsung_SSD_860_QVO_1TB_S4CZNF0M558343V" ]; }
|
||||||
|
{ path = "/boot-2"; devices = [ "/dev/disk/by-id/ata-Samsung_SSD_860_QVO_1TB_S4CZNF0N633130M" ]; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "phoenix";
|
||||||
|
networking.domain = "lewd.wtf";
|
||||||
|
|
||||||
|
system.stateVersion = "24.05"; # Did you read the comment?
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
{
|
||||||
|
networking.nat.forwardPorts = [
|
||||||
|
{
|
||||||
|
destination = "192.168.100.11:51506";
|
||||||
|
proto = "tcp";
|
||||||
|
sourcePort = 51506;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
destination = "192.168.100.11:51506";
|
||||||
|
proto = "udp";
|
||||||
|
sourcePort = 51506;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
fileSystems."/mnt/zbigdata/seedbox_test" = {
|
||||||
|
device = "zbigdata/seedbox_test";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
containers.seedbox-test = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.175.197.82";
|
||||||
|
localAddress = "192.168.100.11";
|
||||||
|
|
||||||
|
bindMounts = {
|
||||||
|
"/home" = {
|
||||||
|
hostPath = "/mnt/zbigdata/seedbox_test";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
useHostResolvConf = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.resolved.enable = true;
|
||||||
|
|
||||||
|
# Custom stuff
|
||||||
|
environment.systemPackages = [ pkgs.qbittorrent-nox ];
|
||||||
|
|
||||||
|
networking.firewall = {
|
||||||
|
allowedTCPPorts = [ 51506 8888 ];
|
||||||
|
allowedUDPPorts = [ 51506 ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.qbittorrent = {
|
||||||
|
after = [ "network.target" ];
|
||||||
|
description = "qBittorrent Daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = [ pkgs.qbittorrent-nox ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.qbittorrent-nox}/bin/qbittorrent-nox \
|
||||||
|
--profile=/home/test/ \
|
||||||
|
--webui-port=8888
|
||||||
|
'';
|
||||||
|
Restart = "on-success";
|
||||||
|
User = "test";
|
||||||
|
Group = "test";
|
||||||
|
UMask = "0002";
|
||||||
|
LimitNOFILE = 8192;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
users.groups.test = {};
|
||||||
|
users.users.test = {
|
||||||
|
group = "test";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/test";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
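Review bot: `Restart = "on-success"` in `systemd.services.qbittorrent.serviceConfig` restarts the daemon only after a clean exit, so a crash or non-zero exit leaves it down; `Restart = "on-failure";` is probably what was intended. The unit also runs without any sandboxing although it parses traffic from untrusted peers; `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `ReadWritePaths = [ "/home/test" ];` would be cheap additions. Port 8888 is opened in the container firewall for the web UI, so a comment stating which network is expected to reach it would help the next reader judge the exposure.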
|
|
@ -0,0 +1,52 @@
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "mpt3sas" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot-1" = {
|
||||||
|
device = "/dev/disk/by-uuid/6CA4-1FB2";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot-2" = {
|
||||||
|
device = "/dev/disk/by-uuid/6CA5-F5A2";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/zvault/desktop" = {
|
||||||
|
device = "zvault/desktop";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/zbigdata/media" = {
|
||||||
|
device = "zbigdata/media";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/zbigdata/games" = {
|
||||||
|
device = "zbigdata/games";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/attic/storage" = {
|
||||||
|
device = "zbigdata/attic";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -0,0 +1,75 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.bridges = {
|
||||||
|
"br0" = {
|
||||||
|
interfaces = [
|
||||||
|
"eno2"
|
||||||
|
"enp2s0"
|
||||||
|
"enp101s0"
|
||||||
|
"enp101s0d1"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = ["ve-+"];
|
||||||
|
externalInterface = "br0";
|
||||||
|
enableIPv6 = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.interfaces.br0.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.0.42";
|
||||||
|
prefixLength = 22;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
# networking.defaultGateway = "10.0.0.1";
|
||||||
|
networking.defaultGateway = "192.168.0.1";
|
||||||
|
networking.nameservers = [ "1.1.1.1" ];
|
||||||
|
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ];
|
||||||
|
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
||||||
|
|
||||||
|
allowedIPsAsRoutes = false;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||||
|
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
||||||
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
endpoint = "134.19.179.213:1637";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
postSetup = [
|
||||||
|
# Force traffic from container networks through wg0
|
||||||
|
"ip route add table 2 default dev wg0"
|
||||||
|
"ip rule add from 192.168.100.0/24 table 2"
|
||||||
|
"ip rule add from 192.168.5.0/24 table 2"
|
||||||
|
# NAT
|
||||||
|
"${pkgs.iptables}/bin/iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
|
||||||
|
# c3moc NAT
|
||||||
|
"${pkgs.iptables}/bin/iptables -I POSTROUTING -t nat -o br0 -j MASQUERADE"
|
||||||
|
# Port forwarding
|
||||||
|
"${pkgs.iptables}/bin/iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.wireguard-wg0.preStop =
|
||||||
|
# Force traffic from container networks through wg0
|
||||||
|
"ip rule del from 192.168.100.0/24 table 2" +
|
||||||
|
"ip rule del from 192.168.5.0/24 table 2" +
|
||||||
|
"ip route del table 2 default dev wg0" +
|
||||||
|
# NAT
|
||||||
|
"${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE" +
|
||||||
|
# c3moc NAT
|
||||||
|
"${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o br0 -j MASQUERADE" +
|
||||||
|
# Port Forwarding
|
||||||
|
"${pkgs.iptables}/bin/iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
|
||||||
|
;
|
||||||
|
}
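Review bot: The `systemd.services.wireguard-wg0.preStop` value joins its command strings with `+` and no newline, so the script becomes one run-together line (`... table 2ip rule del ...`) and none of the policy-routing or NAT rules added in `postSetup` are removed on stop. Writing it as an indented multi-line string, one command per line as in the fence below, keeps the teardown symmetrical with `postSetup`. Also note that `networking.firewall.enable = false` leaves every service listening on `br0` reachable while this host is doing NAT and forwarding for the containers; if that is deliberate, a comment saying what filters traffic upstream would be useful.
```nix
systemd.services.wireguard-wg0.preStop = ''
  # Force traffic from container networks through wg0
  ip rule del from 192.168.100.0/24 table 2
  ip rule del from 192.168.5.0/24 table 2
  ip route del table 2 default dev wg0
  # NAT
  ${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE
  # c3moc NAT
  ${pkgs.iptables}/bin/iptables -D POSTROUTING -t nat -o br0 -j MASQUERADE
  # Port forwarding
  ${pkgs.iptables}/bin/iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506
'';
```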
|
|
@ -0,0 +1,43 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
sops.defaultSopsFile = ./secrets/services.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
# Vaultwarden
|
||||||
|
sops.secrets."services/vaultwarden/.env" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.vaultwarden.name;
|
||||||
|
group = config.users.users.vaultwarden.group;
|
||||||
|
sopsFile = ./secrets/vaultwarden.env;
|
||||||
|
format = "dotenv";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Attic
|
||||||
|
sops.secrets."services/attic/creds.env" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
sopsFile = ./secrets/attic.env;
|
||||||
|
format = "dotenv";
|
||||||
|
};
|
||||||
|
|
||||||
|
# MSMTP
|
||||||
|
sops.secrets."services/msmtp/password" = {
|
||||||
|
mode = "0777";
|
||||||
|
sopsFile = ./secrets/msmtp.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Wireguard
|
||||||
|
sops.secrets."services/wireguard/airvpn.private" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."services/wireguard/airvpn.psk" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
}
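Review bot: `mode = "0777"` on `sops.secrets."services/msmtp/password"` makes the decrypted SMTP password readable, writable and executable by every local account, while every other secret in this file is `0400`. If non-root users have to send mail, grant read access through a group instead, for example `mode = "0440"; group = "<mail-group>";` (placeholder group name), and leave the write bit off in any case. No `owner` is set on this entry, so the file presumably stays owned by root.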
|
|
@ -0,0 +1,9 @@
|
||||||
|
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64=ENC[AES256_GCM,data:VPOq3Ipu7fnpi14mbdFG01MJiZvMuK1FHlQbO+AQi3Xh8ZCScr+wedGekvtqrOkNXk8PBsXpXhXhQ7j7dJkUyfBnE1RAEIxaxwhuWyS2e2ZyTKNjL427hb/9,iv:xgc74cUXxO5dGTRGsl4u3HDRg1f3pOtHdekYoz/mDO8=,tag:j1c0Axfa/oBMgccPtrm5GQ==,type:str]
|
||||||
|
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MVRwaEJaa21ENi9RbGJn\nQXk2QXN1QW1ZbGFUaXdsaThEM0FJNTNKYjNNCmtDMXM3THQxazJTY2tjZ1JnTHF3\nOHVqZkdXOHdYUnQ4UGVXZGxwaDJGMG8KLS0tIHVNSWdReG9kY3lqa2xnRzVnVTZn\nemJmejIrSnd3amdUNm1TRE1OTTRSVG8Ktzanb6rbmFRE02N9vt+QyuwIpJN+EXCM\ncJRgxdUovzt/4CU6oJDNLrdV0FfCPUHMfg6f6CgEGu0RhvzKAh77Dg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbmZsV0ZINVN4QytybDRz\nb2pQVTNoVFVNb3A3QmlYUG9BRnBQVEFxYXk4CnVpZHQrd090WUF0TkVqNk1OM1JN\nS21hdHJ6MkEvUXlwYkFoTmdEeDZPcDgKLS0tIFFMdkhBRVVxelpDUFdxWWNKbEU4\nZkc2d3lEZC9FVHpBZlQ5K1lDK3ZwbFUKFshCxKov4sjuHOokHmoxa+IeOT2ttg7o\nNL75mlP+u6IKETvQNQ4HlHcVF1Zask1JUeJU13xI3b26laIKr0ZBYw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_1__map_recipient=age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
sops_lastmodified=2024-04-07T09:41:32Z
|
||||||
|
sops_mac=ENC[AES256_GCM,data:lDQABnYzFbMNT09grDE9y++VWDzbw4wlrIXpXL2WMBK6LnJhtzsWHyUuZ8fxIjCihtxUW5LbeY5YjV53NubAGK+Aw3JysR90iVQ7Mo7Dn5E7Hv3MUx1+1R/HqIZegZ5lY64u58dFKqUV46lOqTCE3nfVSGZ65CiBLtHOOOYs8L4=,iv:4CvbTGLSzDC7IM7mt+V4tL+Js0sX4Z8nnJapC1BwrOk=,tag:PlkagmUsAmZ8FRsZy5x0Dw==,type:str]
|
||||||
|
sops_unencrypted_suffix=_unencrypted
|
||||||
|
sops_version=3.8.1
|
|
@ -0,0 +1,32 @@
|
||||||
|
services:
|
||||||
|
msmtp:
|
||||||
|
password: ENC[AES256_GCM,data:k4pMmcPrv0jQkr2Odd4elg==,iv:/gNqUPgd480v/C8+BOuFUNdjkEXWNjMqzwQ4HxftnC4=,tag:8/HVE/aHCbyHRMlNB2mT8A==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYamhaWEhNNVZBUXMvU1dx
|
||||||
|
cVppQVpNcjFXRzgvTmRXYTk0SFZkbWFWWFNvCndnZnkxd1F0Y3VjVW1FZGhJWGR3
|
||||||
|
N29zM0ltT2wyUjg0UU9VdU1mY3htMmcKLS0tIDhpclNJT09pUGI2TnpaSEpwZGNk
|
||||||
|
WWxHUEYxZTkxcktnSXl0YXl6elJ6eTQKit0pzEYgg3hc08swMg1mh17DLbVAXBu9
|
||||||
|
TaDZYCsH+nYzIVYG8Sp2IZVxENUbr6P5spDJs1dVSvWsRPLj0SXC/Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0U4Ujk5dUhOL3ZFRFA0
|
||||||
|
Ny9UMG9ISmNRbDdCQThKNWtlTjVCLy9aNms4CmtxeXNhU2FmQkJzaDdBY1J4UWsv
|
||||||
|
MFF1dEdURFJXaDdiRkVaeFNVUXFJSm8KLS0tIFl6bnd3aGk4ZDlIMEdaaGRJUHA3
|
||||||
|
bFh4ZHF0S1Y4N2srS3dTUUxPRDRyZVkKlJJHMJ7nBcZqZXC893YIh3CDeWwew24n
|
||||||
|
lm2h3RzTQ993wnD6434FJF6MEKbOAfeunKf2K1GrKjfDO58n7I0edg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-04T00:02:21Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ULRJMKr3fvp9wDKuj1P62POxY43ZgtA60uhd2MLhTbPtYKM2r1bJbiLpwYi8pXKIC7I6Fl/og/fL2fyEx5ZRA7jME8PRQvmWlTytZnsOa8RCDYot5JxhwGwJ3keIZFAAnUxX3Vc0+Ch4u3qr1+EbffEh6m1Vt9fJiujI9aWdrt8=,iv:qjnWcu9wvnQ4H1Q6zu8edHYHjniJqz80Bx4XOkZ3+l8=,tag:eQk73teW1pBVszamlDdaFQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,30 @@
|
||||||
|
example_key: ENC[AES256_GCM,data:0VPRbi+eXJx6TEzSLg==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:66xqln7ExRHqTs84I5FI/g==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFaVc2c2ViN3pyYlNValQ2
|
||||||
|
b2Q4STlST1M1Umh6MWl3ZDAvajJVUXJIbW13CmRvQ3RBbWZrbklKRmU4MmdHdkVN
|
||||||
|
YlgxSElqZzl3ckZjRWtEU3pmcGhpZU0KLS0tIDlEYklTN3N3RWxFUFNZM2xGMXRI
|
||||||
|
RE41cnNWdWRrZUVwaG56Qmh6VEwzSnMKi4Hl9IjxZKelOQd2fxf54qN0ZAlx4zzE
|
||||||
|
O+acAe7wB8v85XgEt/DBJrVi6NYg8bt7uj4R71cAMZxKheBjdNNPXA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArU1ZmY0dkM3FQdWtCdGlP
|
||||||
|
VFNpMkFaWWZwMGJxS1dqRm5BQURLbGQ0M2hNCnA5OFBScUNUc01tM3R4M3RxNFdl
|
||||||
|
NlArazJ5aktVVGlxUlpEV0hLK2Zna3cKLS0tIGZYc0lnL1dLRDNxV2RFZFFhUmhN
|
||||||
|
RmRoZmxVMVhOL1FtTlA3QTNCQ1RlNWcKLitsiPk+4Lzdud4GR/iMgolGLLURU6mO
|
||||||
|
1FBk0HTP4b+f0G5Uentp9oBPTNA0J6qCo1C79ZgV6LiZoWKunh5QAg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-10T18:21:20Z"
|
||||||
|
mac: ENC[AES256_GCM,data:euTc5etuk3p8g3OOijis4mvDrgS3dkYf5d3qkqlzftxcocZgPgUI9lJZCL3K11zn7JnbNUm5cMtr/h14WYtCJXztHXXhrpAbfy3HRNKlELCn+gENvbMM7Vtkb/8Uji2xosRHl4ygnTLN3L6/qX0Sn0sQm96UB3Q8ZHOXClQNZ/4=,iv:FNw/OEOhCmAMdbbIpkn3SbNwf2y0eHSHFuJlm58ZykU=,tag:ealqzvWEdGiQkvz/72L6QQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,11 @@
|
||||||
|
ADMIN_TOKEN=ENC[AES256_GCM,data:1cRomfcw7QRGJ8FeRBIbVE0Rj7hGgusSxa4h0oLWmlNSqDi1NLuMevCZoQQuwGE4ZgTttdUrZUv6QGwtndaDcQ==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:gNN7eZc2mR/90n7JOeg5wg==,type:str]
|
||||||
|
SMTP_PASSWORD=ENC[AES256_GCM,data:GbBaT0JUsxCT8x3o5EoKvA==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:GpP1lzeeNdkZfaI16cufzQ==,type:str]
|
||||||
|
YUBICO_SECRET_KEY=ENC[AES256_GCM,data:caHlB/H4iWfZP2jQjVrFIUXfYiT1g5q81Cyfb+7q,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:3eDkQF1+7AroPzTh6PzTTg==,type:str]
|
||||||
|
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTCtwelNJdENDOERjSGlI\neUgwYnpvNDhnQkZmVmRaTmJSOFlCZFZGWkJjCjQrV3V3VExPZzIwVitJaUtmNEdU\nU09UbENVUi9wWWZ2RzNhbXN4VG5IZWsKLS0tIEpkT0hHZ2JCcEVBeGduWk83WnZm\nWlhkMzFMQXN5R3JBb1pvc0U5Y013dWMK5LiYBFHa2j29Q58VfR/XvxduBv/dy3Wi\nLasyBSqFrK0nngUXhCxPVCn8ZU5gMMaiXCisCPDxXDdX+t7DLErCSw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvS3o2TkplT1hIa1luKzky\nbEo0cGdIYStlTDg3NDh1UGQ1NTRqcTZqb0RRCk5aaTY2NnFMVDN6Z0ludDNyQW5n\nelNHZjNJZTJXbEVlN2xSNzBsQUV2WDAKLS0tIFBwRkpoWDIzMk5XRWh3dlRpbjR0\nbStON1RnbXprcXAwUm00aVExMVc2Q2sKdOrM7+UT5Bb6z5Rnv6EkVt8+aIEqWfOc\no2fc6d2F5ozmt/GS189dld8QWFvIY/RUQnRqm55txAip8NHynTt+0A==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_1__map_recipient=age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
sops_lastmodified=2024-02-10T18:21:23Z
|
||||||
|
sops_mac=ENC[AES256_GCM,data:CAm7H/sbSnLD72uryZwK9rlu9ptTqBVMAvWjzI8PzzFx5PQHrkFKOmG73Sdao6Map1QMjM57g/q0DDxkL0tY3iW4X1kc3oUC4Ej4nj4/ZrjRiVpSA6Zs38gi4O30X7lr0iWK1DdD/wCMuo66ixJ5ol/0XBAUIUUUW7UxaTLptDM=,iv:bDvwwPoFeChslZgwnoSMPJzd9yY2Y6Tc8Gdyhxp9Fyk=,tag:BjUnCjdL9DNGg9sbyWOXAQ==,type:str]
|
||||||
|
sops_unencrypted_suffix=_unencrypted
|
||||||
|
sops_version=3.7.3
|
|
@ -0,0 +1,33 @@
|
||||||
|
services:
|
||||||
|
wireguard:
|
||||||
|
airvpn.private: ENC[AES256_GCM,data:COgDVq0CpZcTsjLMx4FLHSv/ZI8eSPRLTxVtJ8XrevzRXc25sVSNMdHiMFA=,iv:QSFKc2U2v58PiOF79PFanx+QlFge3FiMjEOJudr7qKU=,tag:N7KjBhK+59IeRALJeGKc6A==,type:str]
|
||||||
|
airvpn.psk: ENC[AES256_GCM,data:bxZ/Pk75jCPU/Nhx96JJkmrJCqSAudZLDQjKCXnvAJf/pPpZdwJTw3o7ywM=,iv:EwHiUZTs8py8TZxJciqW53m7O/rU5V8+ZgSCEXlrIJc=,tag:tOtlgWs8VLgt7T6/apkZeA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTndabjF2YXFpTU5RcG9U
|
||||||
|
UFV4SXVQZDNIK3htYi93U1BhbGNGMUtPcENFCi9nWWR0TmdYV0NhdDJhMFExRm9K
|
||||||
|
SDYzVXVZbmdOWGFybGxOTWs0K3Y2MlUKLS0tIGJLendISXNaWWdpVU5zcVgyeitJ
|
||||||
|
ZTZ4eTlxdVpha0NxK3h4dEU2S1dGaXcKkGlvEp+aosaFlnO4zUiQHkU1EFxxIuUU
|
||||||
|
L3y56QiCJxHo9bv9yvn0cIbxWLl+ow7I88FBf89z0OQxTqKxcpniYQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUGwvZ3hzaXBkTlA0Z1JX
|
||||||
|
N2R2cWNzWUIzVml0WGZxQ3FDUXFWOVJkWXdnCnNNbnFrYUVWYzBpdnRSdkdFZXRv
|
||||||
|
UHFKL3FQZEtST0tiaHZ0QUNzZWpWbTQKLS0tIGpLVW1EVXU5V0Q4QXF1b0xCeWlL
|
||||||
|
TFlUV2Vkak94YnI0OWpQR1A1TUlaUzAKEDaX7yhVViNG2/2EOcWWEynOOCYlzWZS
|
||||||
|
tsnOZcBkIDWkk6ZrZFXZ/iKzQiYTSWcznGPJuNd1Q9CnCCVKXtJmbQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-04T18:18:03Z"
|
||||||
|
mac: ENC[AES256_GCM,data:WM8D1TKT48WomrVcoT84cr8y7GajxbZ7ErQXwDZoPvw3phRLn7PuVdljtykIaTjQ9c0KrjSlLlTeRUhVUdFLJ5qB1ZA5N15wlDSRl7jtuaF8VKeAoS4txmh9YQXutrst1ldjk13nboOdRirNrYjqycdPtCBYQZc/bfvJUekoU7s=,iv:wpi+GlNNrpeMdW6CsLqhchgoyfbFOdTs2bD2pAAORtk=,tag:4QBEhFWszcJ+Gsml4K3Q9A==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,39 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
# services.atticd = {
|
||||||
|
# enable = true;
|
||||||
|
# package = pkgs.attic-server;
|
||||||
|
#
|
||||||
|
# credentialsFile = "/run/secrets/services/attic/creds.env";
|
||||||
|
#
|
||||||
|
# settings = {
|
||||||
|
# listen = "0.0.0.0:28842";
|
||||||
|
#
|
||||||
|
# chunking = {
|
||||||
|
# nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
# min-size = 16 * 1024; # 16 KiB
|
||||||
|
# avg-size = 64 * 1024; # 64 KiB
|
||||||
|
# max-size = 256 * 1024; # 256 KiB
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
#
|
||||||
|
# services.nginx.virtualHosts."attic.lewd.wtf" = {
|
||||||
|
# enableACME = true;
|
||||||
|
# forceSSL = true;
|
||||||
|
# locations."/" = {
|
||||||
|
# proxyPass = "http://127.0.0.1:28842";
|
||||||
|
# extraConfig =
|
||||||
|
# "proxy_set_header Host $host;" +
|
||||||
|
# "proxy_set_header X-Real-IP $remote_addr;" +
|
||||||
|
# "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||||
|
# "proxy_set_header X-Forwarded-Proto $scheme;" +
|
||||||
|
# "proxy_connect_timeout 1800;" +
|
||||||
|
# "proxy_send_timeout 1800;" +
|
||||||
|
# "proxy_read_timeout 1800;" +
|
||||||
|
# "send_timeout 1800;" +
|
||||||
|
# "client_max_body_size 5G;"
|
||||||
|
# ;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
}
|
|
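Review bot: The commented-out `listen = "0.0.0.0:28842";` would bind atticd on every interface, although the nginx vhost below reaches it over `http://127.0.0.1:28842`. If this block is re-enabled, `listen = "127.0.0.1:28842";` keeps the backend reachable only through the TLS-terminating proxy. The file consists entirely of commented-out configuration, so a one-line comment at the top saying why it is disabled would help the next reader.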
@ -0,0 +1,21 @@
|
||||||
|
{
|
||||||
|
programs.msmtp = {
|
||||||
|
enable = true;
|
||||||
|
setSendmail = true;
|
||||||
|
defaults = {
|
||||||
|
aliases = builtins.toFile "aliases" ''
|
||||||
|
default: ciapa@lewd.wtf
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
accounts.default = {
|
||||||
|
auth = "plain";
|
||||||
|
host = "mail.your-server.de";
|
||||||
|
port = "587";
|
||||||
|
from = "phoenix@lewd.wtf";
|
||||||
|
user = "phoenix@lewd.wtf";
|
||||||
|
passwordeval = "cat /run/secrets/services/msmtp/password";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
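Review bot: `accounts.default` sets `auth = "plain"` on port 587, but nothing in this file turns TLS on. msmtp leaves TLS off by default, so unless another module sets it, the password read by `passwordeval` may be sent without transport encryption. Adding `tls = true;` and `tls_starttls = true;` to `defaults` (or to the account) makes the requirement explicit.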
@ -0,0 +1,18 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
services.nfs.server.enable = true;
|
||||||
|
fileSystems."/export/desktop" = lib.mkIf (!config.c3moc.switchNfs) {
|
||||||
|
device = "/mnt/zvault/desktop";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nfs.server.exports = lib.mkIf (!config.c3moc.switchNfs) ''
|
||||||
|
/export 192.168.0.20(rw,fsid=0,no_subtree_check) 192.168.1.39(ro,nohide,insecure,no_subtree_check,all_squash,anonuid=1000,anongid=1000)
|
||||||
|
/export/desktop 192.168.0.20(rw,nohide,insecure,no_subtree_check) 192.168.1.39(ro,nohide,insecure,no_subtree_check,all_squash,anonuid=1000,anongid=1000)
|
||||||
|
|
||||||
|
'';
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 111 662 892 2049 32769 32803 38467 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 111 662 892 2049 32769 32803 38467 ];
|
||||||
|
}
|
||||||
|
|
|
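Review bot: The `allowedTCPPorts` and `allowedUDPPorts` lines open rpcbind and NFS on every interface, while the exports only name 192.168.0.20 and 192.168.1.39. Scoping them with `networking.firewall.interfaces."<LAN_INTERFACE_PLACEHOLDER>".allowedTCPPorts` (and the UDP twin) keeps port 111 off other networks. Ports 662, 892, 32769, 32803 and 38467 only line up with the helper daemons if `services.nfs.server.statdPort`, `mountdPort` and `lockdPort` are pinned, which this file does not do. The `insecure` flag on the rw `/export/desktop` entry for 192.168.0.20 also accepts requests from unprivileged source ports and is worth dropping unless that client needs it.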
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
services.smartd.enable = true;
|
||||||
|
services.smartd.notifications.mail.enable = true;
|
||||||
|
services.smartd.notifications.mail.sender = "phoenix@lewd.wtf";
|
||||||
|
services.smartd.notifications.mail.recipient = "ciapa@lewd.wtf";
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.unifi = {
|
||||||
|
enable = true;
|
||||||
|
unifiPackage = pkgs.unifi8;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -13,6 +13,11 @@
|
||||||
WEBSOCKET_ENABLED = true;
|
WEBSOCKET_ENABLED = true;
|
||||||
WEBSOCKET_PORT = 3012;
|
WEBSOCKET_PORT = 3012;
|
||||||
ROCKET_PORT = 8222;
|
ROCKET_PORT = 8222;
|
||||||
|
SMTP_HOST = "mail.your-server.de";
|
||||||
|
SMTP_FROM = "vaultwarden@lewd.wtf";
|
||||||
|
SMTP_FROM_NAME = "Vaultwarden";
|
||||||
|
SMTP_USERNAME = "vaultwarden@lewd.wtf";
|
||||||
|
YUBICO_CLIENT_ID = 88022;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,12 +2,19 @@
|
||||||
{
|
{
|
||||||
services.vikunja = {
|
services.vikunja = {
|
||||||
enable = true;
|
enable = true;
|
||||||
setupNginx = true;
|
|
||||||
frontendScheme = "https";
|
frontendScheme = "https";
|
||||||
frontendHostname = "todo.lewd.wtf";
|
frontendHostname = "todo.lewd.wtf";
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."todo.lewd.wtf" = {
|
services.nginx.virtualHosts."todo.lewd.wtf" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
proxyPass = "http://localhost:3456";
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 20M;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -0,0 +1,98 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
sendEmailEvent = { event }: ''
|
||||||
|
printf "Subject: phoenix ${event} ''$(${pkgs.coreutils}/bin/date --iso-8601=seconds)\n\nzpool status:\n\n''$(${pkgs.zfs}/bin/zpool status)" | ${pkgs.msmtp}/bin/msmtp -a default ciapa@lewd.wtf || true
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# ZFS remote unlocking
|
||||||
|
boot.initrd.systemd.enable = true;
|
||||||
|
# TODO: Install ZFS tools
|
||||||
|
# TODO: Override built-in zfs unlock service
|
||||||
|
boot.initrd.availableKernelModules = [ "igb" ];
|
||||||
|
boot.kernelParams = [
|
||||||
|
"ip=192.168.0.42::192.168.0.1:255.255.252.0:phoenix-initrd:eno2:off:192.168.0.1"
|
||||||
|
];
|
||||||
|
boot.initrd.systemd.services.zfsunlock = {
|
||||||
|
description = "Unlock ZFS pools";
|
||||||
|
wantedBy = [
|
||||||
|
"initrd.target"
|
||||||
|
];
|
||||||
|
before = [
|
||||||
|
"zfs-import-zroot.service"
|
||||||
|
];
|
||||||
|
unitConfig.DefaultDependencies = "no";
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
script = ''
|
||||||
|
cat <<EOF > /root/.profile
|
||||||
|
if pgrep -x "zfs" > /dev/null
|
||||||
|
then
|
||||||
|
zfs load-key zroot
|
||||||
|
zpool import -f zbigdata
|
||||||
|
zfs load-key zbigdata
|
||||||
|
zpool import -f zvault
|
||||||
|
zfs load-key zvault
|
||||||
|
killall zfs
|
||||||
|
else
|
||||||
|
echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
boot.initrd.network = {
|
||||||
|
enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
port = 2222;
|
||||||
|
hostKeys = [
|
||||||
|
/boot-1/initrd-ssh-key
|
||||||
|
/boot-2/initrd-ssh-key
|
||||||
|
];
|
||||||
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# ZFS options from https://nixos.wiki/wiki/NixOS_on_ZFS
|
||||||
|
networking.hostId = "42069420";
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
|
||||||
|
# ZFS notifications
|
||||||
|
services.zfs.zed.enableMail = true;
|
||||||
|
services.zfs.zed.settings = {
|
||||||
|
ZED_EMAIL_ADDR = [ "ciapa@lewd.wtf" ];
|
||||||
|
ZED_EMAIL_OPTS = "-a 'FROM:phoenix@lewd.wtf' -s '@SUBJECT@' @ADDRESS@";
|
||||||
|
ZED_NOTIFY_VERBOSE = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Timed status mails (Boot, Shutdown, Weekly)
|
||||||
|
systemd.services."boot-mail-alert" = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
wants = [ "network-online.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = sendEmailEvent { event = "just booted"; };
|
||||||
|
};
|
||||||
|
systemd.services."shutdown-mail-alert" = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
wants = [ "network-online.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
script = "true";
|
||||||
|
preStop = sendEmailEvent { event = "is shutting down"; };
|
||||||
|
};
|
||||||
|
systemd.services."weekly-mail-alert" = {
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
script = sendEmailEvent { event = "is still alive"; };
|
||||||
|
};
|
||||||
|
systemd.timers."weekly-mail-alert" = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
partOf = [ "weekly-mail-alert.service" ];
|
||||||
|
timerConfig.OnCalendar = "weekly";
|
||||||
|
};
|
||||||
|
}
|
|
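Review bot: `hostKeys` lists `/boot-1/initrd-ssh-key` and `/boot-2/initrd-ssh-key` as unquoted Nix path literals. As far as I can tell, these are copied into the world-readable Nix store at evaluation time, so the initrd SSH host private keys would be readable by any local user. Writing them as strings, `"/boot-1/initrd-ssh-key"` and `"/boot-2/initrd-ssh-key"`, lets them be picked up from disk as initrd secrets instead. Separately, `authorizedKeys` reuses every key authorised for root, so each of them also gets the pre-boot shell whose `/root/.profile` loads the pool keys; a dedicated unlock key would narrow that.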
@ -13,4 +13,6 @@
|
||||||
device = "/dev/disk/by-label/home";
|
device = "/dev/disk/by-label/home";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.qemuGuest.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
variables.qbittorrent = {
|
variables.qbittorrent = {
|
||||||
user = "aztul";
|
user = "aztul";
|
||||||
group = "aztul";
|
group = "aztul";
|
||||||
torrentPort = 56997;
|
torrentPort = 39242;
|
||||||
uiPort = 8888;
|
uiPort = 8888;
|
||||||
configDir = "/home/aztul";
|
configDir = "/home/aztul";
|
||||||
openFilesLimit = 8192;
|
openFilesLimit = 8192;
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
filebrowser = {
|
|
||||||
image = "filebrowser/filebrowser:s6";
|
|
||||||
autoStart = true;
|
|
||||||
ports = [ "80:8080" ];
|
|
||||||
volumes = [
|
|
||||||
"/home/kitty:/home/kitty"
|
|
||||||
"/home/kitty/filebrowser/config:/config"
|
|
||||||
"/home/kitty/filebrowser/database:/database"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
PUID = "1000";
|
|
||||||
PGID = "994";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{ pkgs, ...}:
|
|
||||||
{
|
|
||||||
networking.firewall.allowedTCPPorts = [ 9000 ];
|
|
||||||
|
|
||||||
services.thelounge = {
|
|
||||||
enable = true;
|
|
||||||
public = false;
|
|
||||||
extraConfig = {
|
|
||||||
prefetch = true;
|
|
||||||
messageStorage = [ "sqlite" "text" ];
|
|
||||||
};
|
|
||||||
plugins = [ pkgs.theLoungePlugins.themes.solarized ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
users.groups.kitty = {};
|
|
||||||
users.users.kitty = {
|
|
||||||
group = "kitty";
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/home/kitty";
|
|
||||||
homeMode = "755";
|
|
||||||
createHome = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
|
||||||
"ssh-rsa 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 kitty@fedora"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -12,13 +12,13 @@ in
|
||||||
{
|
{
|
||||||
inherit imports;
|
inherit imports;
|
||||||
|
|
||||||
networking.hostName = "kitty";
|
networking.hostName = "oosi";
|
||||||
networking.domain = "elmosco.lewd.wtf";
|
networking.domain = "elmosco.lewd.wtf";
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
efiSupport = false;
|
efiSupport = false;
|
||||||
devices = [ "/dev/sda" ];
|
devices = [ "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
|
@ -13,4 +13,6 @@
|
||||||
device = "/dev/disk/by-label/home";
|
device = "/dev/disk/by-label/home";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.qemuGuest.enable = true;
|
||||||
}
|
}
|
|
@ -4,7 +4,7 @@
|
||||||
networking.nameservers = [ "1.1.1.1" ];
|
networking.nameservers = [ "1.1.1.1" ];
|
||||||
networking.interfaces.ens18.ipv4.addresses = [
|
networking.interfaces.ens18.ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "192.168.99.105";
|
address = "192.168.99.106";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}
|
}
|
||||||
];
|
];
|
|
@ -5,11 +5,11 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
variables.qbittorrent = {
|
variables.qbittorrent = {
|
||||||
user = "kitty";
|
user = "oosi";
|
||||||
group = "kitty";
|
group = "oosi";
|
||||||
torrentPort = 57267;
|
torrentPort = 39510;
|
||||||
uiPort = 8888;
|
uiPort = 8888;
|
||||||
configDir = "/home/kitty";
|
configDir = "/home/oosi";
|
||||||
openFilesLimit = 8192;
|
openFilesLimit = 8192;
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{
|
||||||
|
users.groups.oosi = {};
|
||||||
|
users.users.oosi = {
|
||||||
|
group = "oosi";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/oosi";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ self, config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
utils = import ../../../util/include.nix { lib = lib; };
|
||||||
|
imports =
|
||||||
|
(utils.includeDir ./services) ++
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./networking.nix
|
||||||
|
./users.nix
|
||||||
|
];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit imports;
|
||||||
|
|
||||||
|
networking.hostName = "reject";
|
||||||
|
networking.domain = "elmosco.lewd.wtf";
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = false;
|
||||||
|
devices = [ "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
}
|
|
@ -9,8 +9,10 @@
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/mnt/data" = {
|
fileSystems."/home" = {
|
||||||
device = "/dev/disk/by-label/data";
|
device = "/dev/disk/by-uuid/b18648f1-8147-4b85-a848-3578efa4ce6e";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.qemuGuest.enable = true;
|
||||||
}
|
}
|
|
@ -1,10 +1,10 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
networking.defaultGateway = "192.168.11.1";
|
networking.defaultGateway = "192.168.99.1";
|
||||||
networking.nameservers = [ "1.1.1.1" ];
|
networking.nameservers = [ "1.1.1.1" ];
|
||||||
networking.interfaces.ens18.ipv4.addresses = [
|
networking.interfaces.ens18.ipv4.addresses = [
|
||||||
{
|
{
|
||||||
address = "192.168.11.110";
|
address = "192.168.99.104";
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}
|
}
|
||||||
];
|
];
|
|
@ -0,0 +1,15 @@
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
../../../../deployments/seedbox/qbittorrent/default.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
variables.qbittorrent = {
|
||||||
|
user = "reject";
|
||||||
|
group = "reject";
|
||||||
|
torrentPort = 45573;
|
||||||
|
uiPort = 8888;
|
||||||
|
configDir = "/home/reject";
|
||||||
|
openFilesLimit = 8192;
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
users.groups.reject = {};
|
||||||
|
users.users.reject = {
|
||||||
|
group = "reject";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/reject";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyjWjNDALf4HRFyXnjnvofnt0TvcJbVdZ58G16i6QOr elmosco-reject"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8d6LtZouZ7I/nWgFkfo/6BT3dh8GFFSS8qOIdi+2xW jellyfin@jellyfin"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{ self, config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
utils = import ../../../util/include.nix { lib = lib; };
|
||||||
|
imports =
|
||||||
|
(utils.includeDir ./services) ++
|
||||||
|
(utils.includeDir ./storage_users) ++
|
||||||
|
[
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./networking.nix
|
||||||
|
./users.nix
|
||||||
|
./sftp_jail.nix
|
||||||
|
];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit imports;
|
||||||
|
|
||||||
|
networking.hostName = "rene";
|
||||||
|
networking.domain = "elmosco.lewd.wtf";
|
||||||
|
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
efiSupport = false;
|
||||||
|
devices = [ "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "22.11";
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ modulesPath, ... }:
|
||||||
|
{
|
||||||
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "/dev/disk/by-label/home";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Shared stuff
|
||||||
|
fileSystems."/sftp_jail/melic" = {
|
||||||
|
device = "/home/rene/shared";
|
||||||
|
options = [ "bind,ro" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.qemuGuest.enable = true;
|
||||||
|
}
|
|
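Review bot: `options = [ "bind,ro" ];` on `fileSystems."/sftp_jail/melic"` packs two mount options into one list element. One entry per option, `options = [ "bind" "ro" ];`, is the usual form and makes the read-only intent easier to spot. This mount appears to be what stops the jailed account from writing into `/home/rene/shared`, so the `# Shared stuff` comment could say so, e.g. `# read-only view of rene's shared directory for the sftp-only user`.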
@ -0,0 +1,11 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
networking.defaultGateway = "192.168.99.1";
|
||||||
|
networking.nameservers = [ "1.1.1.1" ];
|
||||||
|
networking.interfaces.ens18.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.99.113";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
../../../../deployments/seedbox/qbittorrent/default.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
variables.qbittorrent = {
|
||||||
|
user = "rene";
|
||||||
|
group = "rene";
|
||||||
|
torrentPort = 61478;
|
||||||
|
uiPort = 8888;
|
||||||
|
configDir = "/home/rene";
|
||||||
|
openFilesLimit = 8192;
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
users.users.melic = {
|
||||||
|
group = "sftponly";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/sftp_jail/melic";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
||||||
|
"ssh-rsa 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 melic@Erika"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
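Review bot: `users.users.melic` is declared with `isNormalUser = true`, which by default also turns on `createHome` and the default login shell. The home is `/sftp_jail/melic`, which the hardware configuration mounts as a read-only bind. Home creation would therefore try to create and chown a directory that presumably must stay root-owned for an sshd chroot, and the SFTP-only restriction rests entirely on the `sftponly` match rules in `sftp_jail.nix`, which are not visible here. Setting `createHome = false;` and `useDefaultShell = false;` on this user makes the account non-interactive even if that match block is ever changed.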
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
users.groups.rene = {};
|
||||||
|
users.users.rene = {
|
||||||
|
group = "rene";
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/home/rene";
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFIo3cXTZfJQHCmGd2VS6lbK513Hdd/6/ycqAslpXGC rene"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,18 +2,18 @@
|
||||||
let
|
let
|
||||||
utils = import ../../util/include.nix { lib = lib; };
|
utils = import ../../util/include.nix { lib = lib; };
|
||||||
imports =
|
imports =
|
||||||
(utils.includeDir ./mirror_users) ++
|
(utils.includeDir ./services) ++
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./sftp_jail.nix
|
./secrets.nix
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
inherit imports;
|
inherit imports;
|
||||||
|
|
||||||
networking.hostName = "master";
|
networking.hostName = "sphinx";
|
||||||
networking.domain = "mirror.lewd.wtf";
|
networking.domain = "lewd.wtf";
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -21,5 +21,5 @@ in
|
||||||
devices = [ "/dev/sda" ];
|
devices = [ "/dev/sda" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "24.05";
|
||||||
}
|
}
|
|
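Review bot: The second hunk appears to change `system.stateVersion` from "22.11" to "24.05" in the same commit that renames the host from `master` to `sphinx`. If this machine was not reinstalled, the bump changes the defaults of stateful services rather than just recording the install release, so the value should stay at "22.11". If the host was rebuilt from scratch, a comment such as `# fresh install on 24.05, do not change` would record that. The `boot.loader.grub` block continues outside both hunks.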
@ -2,7 +2,10 @@
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
boot.kernelModules = [ "nvme" ];
|
||||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/sda1";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
}
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
{ lib, ... }: {
|
||||||
|
# This file was populated at runtime with the networking
|
||||||
|
# details gathered from the active system.
|
||||||
|
networking = {
|
||||||
|
nameservers = [ "8.8.8.8" ];
|
||||||
|
defaultGateway = "172.31.1.1";
|
||||||
|
defaultGateway6 = {
|
||||||
|
address = "fe80::1";
|
||||||
|
interface = "eth0";
|
||||||
|
};
|
||||||
|
dhcpcd.enable = false;
|
||||||
|
usePredictableInterfaceNames = lib.mkForce false;
|
||||||
|
interfaces = {
|
||||||
|
eth0 = {
|
||||||
|
ipv4.addresses = [
|
||||||
|
{ address="116.203.182.240"; prefixLength=32; }
|
||||||
|
];
|
||||||
|
ipv6.addresses = [
|
||||||
|
{ address="2a01:4f8:1c1b:7a9b::1"; prefixLength=64; }
|
||||||
|
{ address="fe80::9400:3ff:fe62:dffe"; prefixLength=64; }
|
||||||
|
];
|
||||||
|
ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
|
||||||
|
ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
ATTR{address}=="96:00:03:62:df:fe", NAME="eth0"
|
||||||
|
|
||||||
|
'';
|
||||||
|
}
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
sops.defaultSopsFile = ./secrets/services.yaml;
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# Vaultwarden
|
# Vaultwarden
|
|
@ -0,0 +1,11 @@
|
||||||
|
ADMIN_TOKEN=ENC[AES256_GCM,data:xAMhqj/wAqmDPUEo+IUMsaY9+/dTOmdwm5NKu7LC9PGgyORRVjowI5Fu/3j47u9JKLXPyGvQM33s+S3VqNhspQ==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:QRsgnB9K1DcEcHlGrUA2EQ==,type:str]
|
||||||
|
SMTP_PASSWORD=ENC[AES256_GCM,data:JvSxXTTPQmox2O7n28018A==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:v3Rkhp4HpjZE8Z45N3jcxQ==,type:str]
|
||||||
|
YUBICO_SECRET_KEY=ENC[AES256_GCM,data:oUXZDR5F1eXNKFYYiK9BQfeuves36PdqfKE1Yb7Z,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:F5kb5XqY0JPeBGYOFrQC8g==,type:str]
|
||||||
|
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjcWZxL3Q4dElaV0hjWm9J\nN1ViOEZkS3Z1RlAvRHFKZjdhU2drNWFZT3dBClY3Rm1lK1FaR1hmSTZ5dUJSNktK\ndGhneVdXS2R3MXB4N01yaTBlaGxjSEUKLS0tIHY3ejBnUzNlRWs3L0c3bkpBRFk5\ndHJNdG9ESHZ3ZzlPMExwNmpZSHpYZVUK9d6xS6ji8N3rZS1OmXJU7VZd6jZNETPK\nZTozNHhcvQiXTdlc23cSUZOHeJyugV+IjRpkDUBjh/0f/YzBNH7gsA==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTEdOT3RaQWNzQkhzd0ds\ncS9tVWZJbDNMUmNCcWpRSDJwbDV4cUpHZ0ZJCkdBUGRxOUp2QnpYSnRpdzFxK2Fj\nSW9lRUIxbFBoWDFYVEhDK3FvOGk0VzgKLS0tIENBVkpTa0ZpTFFpVG4yR1p2c1lT\nZExSWmdUTXR5SS8yZzQ1VExGdkk0alkKIebJqoBgEv9KK8Nmtyo4xYAd8UA7czBC\noRHZv9cduFhA55iDvEQIdfrDJGMTCAbnuXEGlh0hee0KFFrsar7FEg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||||
|
sops_age__list_1__map_recipient=age1myz28jqex5kpcsjqg2a0la8cyuutzj4cxf53vs3v8ey6fqzvk3ws8z8k3h
|
||||||
|
sops_lastmodified=2024-06-06T10:12:52Z
|
||||||
|
sops_mac=ENC[AES256_GCM,data:KRi4A7W8/SWaSdX6kz1r00u0s0e+H9T1DlNlWXjbL5ZqUiACBGvmnlU0Ylqter7JBnP6hM3y34wuTH3XzqpAmcPLSCg6bhLqV24AIzTxb/xJJUj0G2uTle//LUipVVem19ECVS0refj36nDd4Lzuyy6fe6uowQMkt2vzLlmr6t8=,iv:1DTq4KQLJwyByoFP6inLp4DmrFra+ca1EEAGgUJ5NMs=,tag:oovcb4hGB1dyOzR5GV5wog==,type:str]
|
||||||
|
sops_unencrypted_suffix=_unencrypted
|
||||||
|
sops_version=3.7.3
|
|
@ -0,0 +1,7 @@
|
||||||
|
{
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,60 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
users.users.vaultwarden.extraGroups = [ config.users.groups.keys.name ];
|
||||||
|
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = "/run/secrets/services/vaultwarden/.env";
|
||||||
|
config = {
|
||||||
|
DOMAIN = "https://vault.lewd.wtf";
|
||||||
|
SIGNUPS_ALLOWED = false;
|
||||||
|
SIGNUPS_VERIFY = true;
|
||||||
|
INVITATIONS_ALLOWED = false;
|
||||||
|
WEBSOCKET_ENABLED = true;
|
||||||
|
WEBSOCKET_PORT = 3012;
|
||||||
|
ROCKET_PORT = 8222;
|
||||||
|
SMTP_HOST = "mail.your-server.de";
|
||||||
|
SMTP_FROM = "vaultwarden@lewd.wtf";
|
||||||
|
SMTP_FROM_NAME = "Vaultwarden";
|
||||||
|
SMTP_USERNAME = "vaultwarden@lewd.wtf";
|
||||||
|
YUBICO_CLIENT_ID = 88022;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.clientMaxBodySize = "128M";
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."vault.lewd.wtf" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8222";
|
||||||
|
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||||
|
extraConfig =
|
||||||
|
"proxy_set_header Host $host;" +
|
||||||
|
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||||
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||||
|
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||||
|
;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub/negotiate" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8222";
|
||||||
|
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||||
|
extraConfig =
|
||||||
|
"proxy_set_header Host $host;" +
|
||||||
|
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||||
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||||
|
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||||
|
;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub" = {
|
||||||
|
proxyPass = "http://127.0.0.1:3012";
|
||||||
|
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||||
|
extraConfig =
|
||||||
|
"proxy_set_header Host $host;" +
|
||||||
|
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||||
|
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||||
|
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||||
|
;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
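Review bot: `locations."/"` proxies the whole of Vaultwarden to anyone who can reach `vault.lewd.wtf`, including the `/admin` panel. That panel is presumably enabled, since the encrypted environment file carries an `ADMIN_TOKEN`. A dedicated `locations."/admin"` block with an `allow`/`deny all` pair would limit the panel to an administrative network while the vault itself stays public. The three existing locations also repeat the same four `proxy_set_header` lines, which a `let` binding would keep in sync.

```nix
locations."/admin" = {
  proxyPass = "http://127.0.0.1:8222";
  extraConfig = ''
    allow <ADMIN_NETWORK_CIDR_PLACEHOLDER>;
    deny all;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  '';
};
# … unchanged: locations."/", "/notifications/hub/negotiate", "/notifications/hub" …
```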
@ -5,7 +5,7 @@
|
||||||
gc = {
|
gc = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
dates = "weekly";
|
dates = "weekly";
|
||||||
options = "--delete-older-than 15";
|
options = "--delete-older-than 15d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,8 @@
|
||||||
vim
|
vim
|
||||||
git
|
git
|
||||||
curl
|
curl
|
||||||
htop
|
btop
|
||||||
rclone
|
rclone
|
||||||
|
screen
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,25 +7,24 @@
|
||||||
settings = {
|
settings = {
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
|
||||||
PermitRootLogin = "prohibit-password";
|
PermitRootLogin = "prohibit-password";
|
||||||
|
Ciphers = [
|
||||||
|
"chacha20-poly1305@openssh.com"
|
||||||
|
"aes256-gcm@openssh.com"
|
||||||
|
"aes256-ctr"
|
||||||
|
"aes128-gcm@openssh.com"
|
||||||
|
];
|
||||||
|
Macs = [
|
||||||
|
"umac-128-etm@openssh.com"
|
||||||
|
"hmac-sha2-256-etm@openssh.com"
|
||||||
|
"hmac-sha2-512-etm@openssh.com"
|
||||||
|
"hmac-sha2-512"
|
||||||
|
];
|
||||||
|
KexAlgorithms = [
|
||||||
|
"curve25519-sha256@libssh.org"
|
||||||
|
"diffie-hellman-group16-sha512"
|
||||||
|
"diffie-hellman-group18-sha512"
|
||||||
|
"curve25519-sha256"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
ciphers = [
|
|
||||||
"chacha20-poly1305@openssh.com"
|
|
||||||
"aes256-gcm@openssh.com"
|
|
||||||
"aes256-ctr"
|
|
||||||
"aes128-gcm@openssh.com"
|
|
||||||
];
|
|
||||||
macs = [
|
|
||||||
"umac-128-etm@openssh.com"
|
|
||||||
"hmac-sha2-256-etm@openssh.com"
|
|
||||||
"hmac-sha2-512-etm@openssh.com"
|
|
||||||
"hmac-sha2-512"
|
|
||||||
];
|
|
||||||
kexAlgorithms = [
|
|
||||||
"curve25519-sha256@libssh.org"
|
|
||||||
"diffie-hellman-group16-sha512"
|
|
||||||
"diffie-hellman-group18-sha512"
|
|
||||||
"curve25519-sha256"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
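Review bot: The relocated `Macs` list still ends with `hmac-sha2-512`, its only non-ETM entry, and `Ciphers` still offers `aes256-ctr`, its only non-AEAD entry. Together they are the one combination in this policy that falls back to encrypt-and-MAC. If no client depends on them, dropping both lines leaves only AEAD ciphers and ETM MACs. The `settings` block starts outside the hunk.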